scribe does not support refresh_token in oauth 2.0 right?

StackOverflow https://stackoverflow.com/questions/8780944

  •  15-04-2021
  •  | 
  •  

Domanda

I found that scribe does not extract refresh_token in access token.

The OAuth 1.0 extractor contains:

Preconditions.checkEmptyString(response, "Response body is incorrect. Can't extract a token from an empty string");
String token = extract(response, TOKEN_REGEX);
String secret = extract(response, SECRET_REGEX);
return new Token(token, secret, response);

Which contains token secret.

But in OAuth2.0, there is no token secret, but refresh_token instead. Scribe simply ignores it:

Preconditions.checkEmptyString(response, "Cannot extract a token from a null or empty String");
Matcher matcher = accessTokenPattern.matcher(response);
if(matcher.find())
{
  return new Token(matcher.group(1), "", response);
}
else
{
  throw new OAuthException("Cannot extract an acces token. Response was: " + response);
}

This causes a problem. The access token may expire in the future. I have to refresh access token by saved refresh token in every login pregress, but there is no way to get it directly.

I planned to improve scribe add this feature (it's not difficult)... but has anyone already done this ?

È stato utile?

Soluzione

What you say is true. Scribe doesn't give you a refresh method for your access tokens. Scribe was meant to make OAuth signatures easy. OAuth2.0 is pretty easy and if everybody were doing OAuth2, there would be arguably no purpose for scribe (it shines on 1.0a flows).

Anyway, you can easily do the refresh step like this:

OAuthRequest request = new OAuthRequest(Verb.POST, "http://server.example.com/token");
request.addBodyParameter("grant_type", "refresh_token");
request.addBodyParameter("refresh_token", accessToken.getToken()); // were accessToken is the Token object you want to refresh.

request.send();

Hope that helps!

Altri suggerimenti

You can do that using the following code (google provider as example)

OAuthRequest request = new OAuthRequest(Verb.POST,"https://accounts.google.com/o/oauth2/token");
    request.addBodyParameter("grant_type", "refresh_token");
    request.addBodyParameter("refresh_token", accessToken.getToken()); // were accessToken is the Token object you want to refresh.
    request.addBodyParameter("client_id", your clientID);
    request.addBodyParameter("client_secret", your clientSecret);
    Response response = request.send();
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top