Date
1 - 9 of 9
CF UAA Refresh Token
|
Keagan Mendoza
Hi,
I am searching for a way to get a refresh token and I haven't been able to do so. I did not find any info on the way to refresh a token. I was looking for some docs externally and found some examples and drafted this: Using Node.js refreshUserToken: function (req, res) { var request = require('request'); var pems = require('intel-cacerts').list; var options = { uri: req.body.url, ca: pems, headers:{ 'Authorization' : 'bearer ' + req.query.token }, form:{ refresh_token: req.body.refresh_token, client_id: 'cf', grant_type: 'refresh_token' } }; This is the error I get: {"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"} Thanks, Keagan Mendoza |
|
|
|
Paul Bakare
This is an issue with authorization.
You have to use a user with the correct scope. Specifically, use a client with a scope/authority of 'uaa.admin' The easiest way is to use the 'app' client to generate a refresh token for a user. On Mon, Aug 24, 2015 at 7:16 PM, Keagan Mendoza <keagan.mendoza(a)intel.com> wrote: Hi, |
|
|
|
Aaron Huber
Not sure I understand that. When you get a token you also automatically get
a refresh token - are you saying the refresh token given isn't valid and we have to generate a new refresh token as an admin user? To clarify, all we're trying to do is renew the token when it expires so the user doesn't have to log in again. Aaron -- View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1340.html Sent from the CF Dev mailing list archive at Nabble.com. |
|
|
|
Filip Hanik
Simple test that does what you need
https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java#L147-L150 we can help investigate more if you post your token here On Mon, Aug 24, 2015 at 11:37 AM, aaron_huber <aaron.m.huber(a)intel.com> wrote: Not sure I understand that. When you get a token you also automatically |
|
|
|
Filip Hanik
Your authorization header should be Basic (meaning, you need the client id
toggle quoted message
Show quoted text
and secret to retrieve the refresh token) On Mon, Aug 24, 2015 at 11:48 AM, Filip Hanik <fhanik(a)pivotal.io> wrote:
Simple test that does what you need |
|
|
|
Aaron Huber
So we're just using the cf client which doesn't have a secret defined, is
that why we need to use the admin client? -- View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1344.html Sent from the CF Dev mailing list archive at Nabble.com. |
|
|
|
Filip Hanik
cf client is fine. put empty string as a password
Filip On Mon, Aug 24, 2015 at 12:54 PM, aaron_huber <aaron.m.huber(a)intel.com> wrote: So we're just using the cf client which doesn't have a secret defined, is |
|
|
|
Keagan Mendoza
That did the trick, thanks Filip.
Using Basic auth, cf as client id and an empty password is the solution Keagan |
|
|
|
Piotr Przybylski <piotrp@...>
Is refresh token always returned, for all the grant types ? It seems to be
the case for authorization_code grant type but I don't think it is returned for client credentials grant. Piotr |------------> | From: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |aaron_huber <aaron.m.huber(a)intel.com> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | To: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |cf-dev(a)lists.cloudfoundry.org | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Date: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |08/24/2015 10:44 AM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Subject: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |[cf-dev] Re: Re: CF UAA Refresh Token | >--------------------------------------------------------------------------------------------------------------------------------------------------| Not sure I understand that. When you get a token you also automatically get a refresh token - are you saying the refresh token given isn't valid and we have to generate a new refresh token as an admin user? To clarify, all we're trying to do is renew the token when it expires so the user doesn't have to log in again. Aaron -- View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-CF-UAA-Refresh-Token-tp1338p1340.html Sent from the CF Dev mailing list archive at Nabble.com. |
|
|
