Hi All,

This is regarding OAuth token expiration and using the Refresh Token to update the Access Token.

*Problem:* This problem currently emerged from ESB Connectors. After configuring a connector according to the documentation, it works fine for a certain time and then becomes unusable.

*Reason:* Within the init of a connector we provide an Access Token. That Access Token will have an expiration time. So after the expiration time, the connector will not be usable.

*Explanation:* After a successful OAuth flow we receive an Access Token & a Refresh Token from the service. But within the current implementation of connectors the Refresh Token is not being used. According to the OAuth 2 Authorization Framework Spec. (RFC 6749), in the section "Refreshing an Access Token", the following type of request can be used to obtain a new Access Token.

    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3FppppnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA

Also, it is noted that the server MAY issue a new Refresh Token in the response and the client should renew the Refresh Token too.

Since refreshing the Access Token is not in the connector implementation, connectors will not be usable in a long-running production environment.

So, your thoughts on this would be highly appreciated.

Thank you!

--
Buddhima Wijeweera
Software Engineer; WSO2 Inc.; http://wso2.com
Mobile: +94 71 427 9966
Email: [email protected]
Blog: https://buddhimawijeweera.wordpress.com
GitHub Profile: https://github.com/Buddhima
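The refresh flow described in the message above, as an added example that is not part of the original post or of the WSO2 connector code: a token holder that redeems the Refresh Token shortly before the Access Token expires and stores a rotated Refresh Token when the server issues one. TokenManager, FakeTokenEndpoint, demo and all token values are constructed for illustration; the `send` callable is an assumed stand-in for the HTTP POST to the service's token endpoint.

```python
import base64, time, urllib.parse

class TokenManager:
    """Hands out a valid access token, redeeming the refresh token when it nears expiry."""
    def __init__(self, client_id, client_secret, access_token, refresh_token,
                 expires_at, send, clock=time.time, skew=30):
        self.client_id, self.client_secret = client_id, client_secret
        self.access_token, self.refresh_token = access_token, refresh_token
        self.expires_at, self.send, self.clock, self.skew = expires_at, send, clock, skew

    def build_refresh_request(self):
        # RFC 6749 section 6: client authenticates, body carries grant_type=refresh_token.
        creds = ":".join(urllib.parse.quote_plus(v) for v in (self.client_id, self.client_secret))
        headers = {"Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urllib.parse.urlencode({"grant_type": "refresh_token",
                                       "refresh_token": self.refresh_token})
        return headers, body

    def get_access_token(self):
        if self.clock() >= self.expires_at - self.skew:  # refresh slightly early
            status, payload = self.send(*self.build_refresh_request())
            if status != 200 or "access_token" not in payload:
                raise RuntimeError("token refresh failed: %s" % payload.get("error", status))
            self.access_token = payload["access_token"]
            # The server MAY rotate the refresh token; keep the old one only if it did not.
            self.refresh_token = payload.get("refresh_token", self.refresh_token)
            self.expires_at = self.clock() + int(payload.get("expires_in", 0))
        return self.access_token

class FakeTokenEndpoint:
    """Constructed stand-in for the service's token endpoint; rotates refresh tokens."""
    def __init__(self, valid_refresh):
        self.valid_refresh, self.issued = valid_refresh, 0

    def __call__(self, headers, body):
        if urllib.parse.parse_qs(body).get("refresh_token") != [self.valid_refresh]:
            return 400, {"error": "invalid_grant"}
        self.issued += 1
        self.valid_refresh = "refresh-%d" % self.issued
        return 200, {"access_token": "access-%d" % self.issued, "expires_in": 3600,
                     "refresh_token": self.valid_refresh}

def demo():
    now = [1000.0]  # constructed clock so expiry can be simulated offline
    tm = TokenManager("client", "secret", "access-0", "refresh-0", 1060.0,
                      FakeTokenEndpoint("refresh-0"), clock=lambda: now[0])
    seen = []
    for t in (1000.0, 1100.0, 4700.0):  # before expiry, after expiry, after second expiry
        now[0] = t
        seen.append(tm.get_access_token())
    return seen, tm.refresh_token
```

Because the fake endpoint invalidates each Refresh Token once it is redeemed, a client that failed to store the rotated value would receive `invalid_grant` on its second refresh.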
