Date
1 - 9 of 9
CF UAA Refresh Token
Piotr Przybylski <piotrp@...>
Is refresh token always returned, for all the grant types ? It seems to be
the case for authorization_code grant type but I don't think it is returned
for client credentials grant.
Piotr
|------------>
| From: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|aaron_huber <aaron.m.huber(a)intel.com> |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|cf-dev(a)lists.cloudfoundry.org |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|08/24/2015 10:44 AM |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|[cf-dev] Re: Re: CF UAA Refresh Token |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
Not sure I understand that. When you get a token you also automatically
get
a refresh token - are you saying the refresh token given isn't valid and we
have to generate a new refresh token as an admin user? To clarify, all
we're trying to do is renew the token when it expires so the user doesn't
have to log in again.
Aaron
--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1340.html
Sent from the CF Dev mailing list archive at Nabble.com.
the case for authorization_code grant type but I don't think it is returned
for client credentials grant.
Piotr
|------------>
| From: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|aaron_huber <aaron.m.huber(a)intel.com> |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|cf-dev(a)lists.cloudfoundry.org |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|08/24/2015 10:44 AM |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|[cf-dev] Re: Re: CF UAA Refresh Token |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
Not sure I understand that. When you get a token you also automatically
get
a refresh token - are you saying the refresh token given isn't valid and we
have to generate a new refresh token as an admin user? To clarify, all
we're trying to do is renew the token when it expires so the user doesn't
have to log in again.
Aaron
--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1340.html
Sent from the CF Dev mailing list archive at Nabble.com.
Filip Hanik
cf client is fine. put empty string as a password
Filip
On Mon, Aug 24, 2015 at 12:54 PM, aaron_huber <aaron.m.huber(a)intel.com>
wrote:
Filip
On Mon, Aug 24, 2015 at 12:54 PM, aaron_huber <aaron.m.huber(a)intel.com>
wrote:
So we're just using the cf client which doesn't have a secret defined, is
that why we need to use the admin client?
--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1344.html
Sent from the CF Dev mailing list archive at Nabble.com.
Aaron Huber
So we're just using the cf client which doesn't have a secret defined, is
that why we need to use the admin client?
--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1344.html
Sent from the CF Dev mailing list archive at Nabble.com.
that why we need to use the admin client?
--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1344.html
Sent from the CF Dev mailing list archive at Nabble.com.
Filip Hanik
Your authorization header should be Basic (meaning, you need the client id
and secret to retrieve the refresh token)
toggle quoted message
Show quoted text
and secret to retrieve the refresh token)
On Mon, Aug 24, 2015 at 11:48 AM, Filip Hanik <fhanik(a)pivotal.io> wrote:
Simple test that does what you need
https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java#L147-L150
we can help investigate more if you post your token here
On Mon, Aug 24, 2015 at 11:37 AM, aaron_huber <aaron.m.huber(a)intel.com>
wrote:Not sure I understand that. When you get a token you also automatically
get
a refresh token - are you saying the refresh token given isn't valid and
we
have to generate a new refresh token as an admin user? To clarify, all
we're trying to do is renew the token when it expires so the user doesn't
have to log in again.
Aaron
--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1340.html
Sent from the CF Dev mailing list archive at Nabble.com.
Filip Hanik
Simple test that does what you need
https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java#L147-L150
we can help investigate more if you post your token here
On Mon, Aug 24, 2015 at 11:37 AM, aaron_huber <aaron.m.huber(a)intel.com>
wrote:
https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java#L147-L150
we can help investigate more if you post your token here
On Mon, Aug 24, 2015 at 11:37 AM, aaron_huber <aaron.m.huber(a)intel.com>
wrote:
Not sure I understand that. When you get a token you also automatically
get
a refresh token - are you saying the refresh token given isn't valid and we
have to generate a new refresh token as an admin user? To clarify, all
we're trying to do is renew the token when it expires so the user doesn't
have to log in again.
Aaron
--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1340.html
Sent from the CF Dev mailing list archive at Nabble.com.
Aaron Huber
Not sure I understand that. When you get a token you also automatically get
a refresh token - are you saying the refresh token given isn't valid and we
have to generate a new refresh token as an admin user? To clarify, all
we're trying to do is renew the token when it expires so the user doesn't
have to log in again.
Aaron
--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1340.html
Sent from the CF Dev mailing list archive at Nabble.com.
a refresh token - are you saying the refresh token given isn't valid and we
have to generate a new refresh token as an admin user? To clarify, all
we're trying to do is renew the token when it expires so the user doesn't
have to log in again.
Aaron
--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1340.html
Sent from the CF Dev mailing list archive at Nabble.com.
Paul Bakare
This is an issue with authorization.
You have to use a user with the correct scope. Specifically, use a client
with a scope/authority of 'uaa.admin'
The easiest way is to use the 'app' client to generate a refresh token for
a user.
On Mon, Aug 24, 2015 at 7:16 PM, Keagan Mendoza <keagan.mendoza(a)intel.com>
wrote:
You have to use a user with the correct scope. Specifically, use a client
with a scope/authority of 'uaa.admin'
The easiest way is to use the 'app' client to generate a refresh token for
a user.
On Mon, Aug 24, 2015 at 7:16 PM, Keagan Mendoza <keagan.mendoza(a)intel.com>
wrote:
Hi,
I am searching for a way to get a refresh token and I haven't been able to
do so. I did not find any info on the way to refresh a token. I was looking
for some docs externally and found some examples and drafted this:
Using Node.js
refreshUserToken: function (req, res) {
var request = require('request');
var pems = require('intel-cacerts').list;
var options = {
uri: req.body.url,
ca: pems,
headers:{
'Authorization' : 'bearer ' + req.query.token
},
form:{
refresh_token: req.body.refresh_token,
client_id: 'cf',
grant_type: 'refresh_token'
}
};
This is the error I get:
{"error":"unauthorized","error_description":"An Authentication object was
not found in the SecurityContext"}
Thanks,
Keagan Mendoza
Keagan Mendoza
Hi,
I am searching for a way to get a refresh token and I haven't been able to do so. I did not find any info on the way to refresh a token. I was looking for some docs externally and found some examples and drafted this:
Using Node.js
refreshUserToken: function (req, res) {
var request = require('request');
var pems = require('intel-cacerts').list;
var options = {
uri: req.body.url,
ca: pems,
headers:{
'Authorization' : 'bearer ' + req.query.token
},
form:{
refresh_token: req.body.refresh_token,
client_id: 'cf',
grant_type: 'refresh_token'
}
};
This is the error I get:
{"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}
Thanks,
Keagan Mendoza
I am searching for a way to get a refresh token and I haven't been able to do so. I did not find any info on the way to refresh a token. I was looking for some docs externally and found some examples and drafted this:
Using Node.js
refreshUserToken: function (req, res) {
var request = require('request');
var pems = require('intel-cacerts').list;
var options = {
uri: req.body.url,
ca: pems,
headers:{
'Authorization' : 'bearer ' + req.query.token
},
form:{
refresh_token: req.body.refresh_token,
client_id: 'cf',
grant_type: 'refresh_token'
}
};
This is the error I get:
{"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}
Thanks,
Keagan Mendoza