Stack Overflow
Stack Overflow

Questions tagged [refresh-token]

A Refresh Token is a special kind of token that can be used to obtain a renewed access token —that allows accessing a protected resource— at any time.

999 questions
6
votes
2 answers

Angular 5 HttpClient Interceptor JWT refresh token unable to Catch 401 and Retry my request

I am trying to implement a catch for 401 responses and tried obtaining a refresh token based on Angular 4 Interceptor retry requests after token refresh. I was trying to implement the same thing, but I never was able to Retry that request, and I am…
Mo Bdair
  • 243
  • 1
  • 5
  • 17
6
votes
0 answers

Keycloak logout endpoint not deleting session

Hello fellow programmes, I am stuck on the issue with keycloak. I am trying to send from node.js express framework request towards keycloak to logout the user. Config.keycloakClient = my_realm Config.keycloakURL = keycloak URL request.get({ …
Daniel Javorský
  • 93
  • 1
  • 2
  • 7
5
votes
1 answer

How to handle user OIDC tokens in Blazor Server when the browser is refreshed and the cookie’s tokens are invalid?

Microsoft recommend against using HttpContext in Blazor Server (here). To work around the issue of how to pass user tokens to a Blazor Server app, Microsoft recommend storing the tokens in a Scoped service (here). Jon McGuire’s blog suggests a…
Rob
  • 1,214
  • 1
  • 11
  • 20
5
votes
1 answer

Spring Secuity 5: Persist and access Oauth2 refresh token

How does my Spring Boot client application access a refresh token supplied by e.g. Google in Spring Security 5? Pretty simple question. The remote authorization server (e.g. Google) sends a refresh token, and I want to use it. What's the best way to…
Nate Vaughan
  • 3,471
  • 4
  • 29
  • 47
5
votes
0 answers

How to invalidate/logout refresh and access tokens with OpenIddict (using memory database)

I am having a .NET Core 2.1 Web API project using OpenIddict. TLDR: Following the example given here, I need the sample for performing the logout request to invalidate/logout the refresh token and the access token for one user. LONG VERSION: It…
iquellis
  • 979
  • 1
  • 8
  • 26
5
votes
4 answers

How to fix "AADSTS90102: 'redirect_uri' value must be a valid absolute Uri." error in Microsoft Graph

Following this procedure: https://learn.microsoft.com/en-us/graph/auth-v2-user I'm trying to get a refresh token from this microsoft end point: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize Using PostAsync method from…
Samuel Anctil
  • 139
  • 1
  • 3
  • 11
5
votes
0 answers

How to check if refresh token is expired with the SDK for iOS (Swift) - Amazon Cognito?

How to check if refresh token is expired with the SDK for iOS - Amazon Cognito? Refresh token expiration day was set on Amazon Cognito. I tried them after Refresh token expiration date. user!.isSignedIn user!.getSession().result However it seems…
Alea
  • 81
  • 6
5
votes
0 answers

Best practice for storing OAuth 2.0 access/refresh tokens with Google Chrome Extensions?

I'm creating a Google Chrome extension which adds upload buttons to images on Instagram profile pages. The service the extension will be uploading to is Imgur. Since I'll eventually want users to be able to upload to specific Imgur albums on their…
MA Hye
  • 73
  • 4
5
votes
2 answers

How to get an access token using a refresh token in Java?

I am currently implementing Contact Application using Google Contact API in Java. I have completed steps of authorization and obtained an access token and a refresh token. Now I have the CLIENT_ID , CLIENT_SECRET AND REFRESH_TOKEN with me . But the…
Santhosh
  • 335
  • 1
  • 4
  • 23
5
votes
2 answers

How to prevent refreshing a stolen access token

The scenario is: you have refresh token that is valid for a longer period of time and an access token that is valid for a shorter period of time. The setup: There is a client, application server and authentication server. The client stores the…
Arthur
  • 71
  • 5
5
votes
1 answer

Spring security JWT refresh token not expiring

i am new to spring and i'm working on spring boot REST with spring security and currently I implemented JWT token. I have some questions but can't seem to find an answer to them. I tried adding a refresh token. At first i thought i will store it in…
Eivyses
  • 341
  • 1
  • 5
  • 13
5
votes
0 answers

How do I set up an OAuth2RestTemplate with client credentials and automatic token refresh in spring-security-oauth 2.2.1.RELEASE

I am implementing a client that authenticates with OAuth2 against WSO2 and I have serious trouble refreshing the access token, getting 401 UNAUTHORIZED. While I have already found out, what the Spring OAuth2 code does, I do not know why its behavior…
hbergmey
  • 51
  • 1
  • 4
5
votes
1 answer

Is it OK to give refresh token to public client during OAuth 2.0 Resource owner password credentials authorization grant?

My Scenario I have the following pieces/parts of software: dedicated server with a Windows Service that exposes REST API with OAuth 2.0 authorization. Type 1 clients: Services on different servers that use REST API. Only organization administrators…
Oleksii
  • 311
  • 1
  • 3
  • 10
5
votes
1 answer

Refresh Token gets revoked with Access Token in Laravel Passport

I am using laravel/passport password_grant for authentication. The whole generating access_token and refresh_token process is working fine. Now I am trying to use laravel passport token events to revoke old tokens. I referred to this post for the…
besrabasant
  • 2,422
  • 6
  • 27
  • 41
5
votes
2 answers

Do not receive refresh token with OpenIddict

I have a web api project based on .net core 2.0. I followed pretty much the very good example on http://kevinchalet.com/2017/01/30/implementing-simple-token-authentication-in-aspnet-core-with-openiddict/. The code that returns the SignIn() result…
iquellis
  • 979
  • 1
  • 8
  • 26
1 2 3
66 67