Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Implement OAuth 2.0 refresh access token #253

Closed
wants to merge 1 commit into from

6 participants

@tbruyelle

Some OAuth providers ask to extend the access token expiration date, in
order to continue using it.
Microsoft Live do that, and it will be soon mandatory for Facebook
because they will deprecate the 'offline_access' permission.

To refresh an access token, you need to access the accessTokenEndPoint
with other parameters like a specific 'grant_type' parameter.

@tbruyelle tbruyelle Implement OAuth 2.0 refresh access token
Some OAuth providers ask to extend the access token expiration date, in
order to continue using it.
Microsoft Live do that, and it will be also soon mandatory for Facebook
because they will deprecate the 'offline_access' permission.

To refresh an access token, you need to access the accessTokenEndPoint
with other parameters like a specific 'grant_type' parameter.
b228788
@yosaku01

Is change only for Microsoft Live/Facebook?
Has it been tested for other web service api, etc. Foursquare/Twitter?

@tbruyelle

It has been tested only for Live and Facebook.
But there is no reason it shouldn't work for others. Just override the method getRefreshTokenParameterName() with the correct value (it depends how the provider implements oauth2).

@yosaku01

ok, I will try it in github api.Thank you.

@tbruyelle

Nice, please tell me if it works as expected.

@Kobee1203

I am really interested in this improvement.
It is possible to add it to the next version ?

@tbruyelle

I think no, but you can use my fork.

@mlaccetti

Any chance this will get merged in - refresh tokens are pretty key these days.

@fernandezpablo85

No.

@mradamlacey

Could you provide some more reasoning behind not including this feature? Is there another pull request that includes this feature that did get merged?

@fernandezpablo85

No. Refresh tokens are not in every provider so there's no point in adding a method to the base class that will throw 90% of the time.

https://github.com/fernandezpablo85/scribe-java/pull/253/files#L4R90

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Apr 24, 2012
  1. @tbruyelle

    Implement OAuth 2.0 refresh access token

    tbruyelle authored
    Some OAuth providers ask to extend the access token expiration date, in
    order to continue using it.
    Microsoft Live do that, and it will be also soon mandatory for Facebook
    because they will deprecate the 'offline_access' permission.
    
    To refresh an access token, you need to access the accessTokenEndPoint
    with other parameters like a specific 'grant_type' parameter.
This page is out of date. Refresh to see the latest.
View
7 src/main/java/org/scribe/builder/api/DefaultApi20.java
@@ -67,4 +67,11 @@ public OAuthService createService(OAuthConfig config)
return new OAuth20ServiceImpl(this, config);
}
+ /**
+ * @return the parameter needed to refresh a access token.
+ */
+ public String getRefreshTokenParameterName()
+ {
+ throw new UnsupportedOperationException("Refresh token is not implemented for "+getClass().getSimpleName());
+ }
}
View
6 src/main/java/org/scribe/builder/api/FacebookApi.java
@@ -30,4 +30,10 @@ public String getAuthorizationUrl(OAuthConfig config)
return String.format(AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()));
}
}
+
+ @Override
+ public String getRefreshTokenParameterName()
+ {
+ return "fb_exchange_token";
+ }
}
View
6 src/main/java/org/scribe/builder/api/LiveApi.java
@@ -37,4 +37,10 @@ public AccessTokenExtractor getAccessTokenExtractor()
{
return new JsonTokenExtractor();
}
+
+ @Override
+ public String getRefreshTokenParameterName()
+ {
+ return "refresh_token";
+ }
}
View
1  src/main/java/org/scribe/model/OAuthConstants.java
@@ -45,5 +45,6 @@
public static final String CLIENT_SECRET = "client_secret";
public static final String REDIRECT_URI = "redirect_uri";
public static final String CODE = "code";
+ public static final String GRANT_TYPE = "grant_type";
}
View
8 src/main/java/org/scribe/oauth/OAuth10aServiceImpl.java
@@ -85,6 +85,14 @@ public Token getAccessToken(Token requestToken, Verifier verifier)
/**
* {@inheritDoc}
*/
+ public Token refreshAccessToken(Token accessToken)
+ {
+ throw new UnsupportedOperationException("Refresh token is not supported in Scribe OAuth 1.0");
+ }
+
+ /**
+ * {@inheritDoc}
+ */
public void signRequest(Token token, OAuthRequest request)
{
config.log("signing request: " + request.getCompleteUrl());
View
22 src/main/java/org/scribe/oauth/OAuth20ServiceImpl.java
@@ -40,6 +40,28 @@ public Token getAccessToken(Token requestToken, Verifier verifier)
/**
* {@inheritDoc}
*/
+ public Token refreshAccessToken(Token accessToken)
+ {
+
+ String accessTokenEndpoint = api.getAccessTokenEndpoint();
+ if (accessTokenEndpoint.contains("?grant_type="))
+ {
+ // handle the ugly case where the grant_type parameter is already hardcoded in the constant url
+ accessTokenEndpoint = accessTokenEndpoint.substring(0, accessTokenEndpoint.indexOf("?"));
+ }
+ OAuthRequest request = new OAuthRequest(api.getAccessTokenVerb(), accessTokenEndpoint);
+ request.addQuerystringParameter(OAuthConstants.CLIENT_ID, config.getApiKey());
+ request.addQuerystringParameter(OAuthConstants.CLIENT_SECRET, config.getApiSecret());
+ request.addQuerystringParameter(OAuthConstants.REDIRECT_URI, config.getCallback());
+ request.addQuerystringParameter(OAuthConstants.GRANT_TYPE, api.getRefreshTokenParameterName());
+ request.addQuerystringParameter(api.getRefreshTokenParameterName(), accessToken.getToken());
+ Response response = request.send();
+ return api.getAccessTokenExtractor().extract(response.getBody());
+ }
+
+ /**
+ * {@inheritDoc}
+ */
public Token getRequestToken()
{
throw new UnsupportedOperationException("Unsupported operation, please use 'getAuthorizationUrl' and redirect your users there");
View
13 src/main/java/org/scribe/oauth/OAuthService.java
@@ -28,6 +28,19 @@
public Token getAccessToken(Token requestToken, Verifier verifier);
/**
+ * Refresh the access token to extend its expiration date.
+ * <p/>
+ * For the token in parameter, Facebook needs the access_token, while Live
+ * needs the refresh_token (which can be found only in the
+ * {@link org.scribe.model.Token#getRawResponse()} returned by
+ * {@link #getAccessToken(org.scribe.model.Token, org.scribe.model.Verifier)})
+ *
+ * @param accessToken access or refresh token, depending on the OAuth provider
+ * @return fresh access token
+ */
+ public Token refreshAccessToken(Token accessToken);
+
+ /**
* Signs am OAuth request
*
* @param accessToken access token (obtained previously)
Something went wrong with that request. Please try again.