access-token

Why do my Office 365 OAuth2 refresh tokens keep expiring so quickly?

爷,独闯天下 submitted on 2019-12-05 19:42:40
I'm aware that the Office 365 refresh tokens expire when the user changes their password, but I'm seeing them expire almost weekly for my customers. Is there something I've misconfigured when setting up my OAuth2 app in Azure? Usually, the access token lasts 1 hour, the refresh token lasts 14 days. According to the document Authorization Code Grant Flow, the lifetime of refresh token varies based on policy settings. In this case, you may check the Azure AD policy settings. The lifetime of the refresh token is not provided and varies based on policy settings and the time when the

Facebook SDK getAccessToken() problems

独自空忆成欢 submitted on 2019-12-05 18:24:38
I have been having some trouble with the facebook SDK, specifically retrieving an access token. The App is set up on Facebook correctly and has been given permission. As far as I can tell, the code is correct and I am not sure what is going wrong with getAccessToken(). $facebook->getAccessToken(); is returning "12345678|abcdefghijklmnop", basically some kind of variable which is made up of the App ID and Secret ID separated by a | $facebook->getUser(); is returning ' 0 ' <?php require_once("facebook.php"); //Up-to-date SDK files from Git $app_id = "12345678"; //replaced with fake $app_secret

Facebook - how to get permanent user access token [duplicate]

风流意气都作罢 submitted on 2019-12-05 17:47:45
This question already has answers here: Facebook - permanent user access token (3 answers) Closed 6 years ago. My company has a corporate facebook account where they post event pics in different albums. My requirement is to get all the photos from facebook albums and show in our corporate website. I am able to fetch the photos but the user access token is valid only for 60 days which means every other two months I will have to login into company's corporate facebook account, regenerate the token and update the token in my application. Is there any way to generate a permanent access token?

Retrieving token and secret from gdata.gauth.OAuthHmacToken python object

不打扰是莪最后的温柔 submitted on 2019-12-05 16:45:35
I'm following Google's great sample code for three-legged OAuth. Specifically, I'm looking at the python version of the code. I'm stuck between 'Upgrading to an access token' and 'Using an access token'. In 'Upgrading to an access token', there is a line of code as follows: access_token = client.GetAccessToken(request_token) In 'Using an access token', there is a line of code as follows: client.auth_token = gdata.gauth.OAuthHmacToken(CONSUMER_KEY, CONSUMER_SECRET, TOKEN, TOKEN_SECRET, gdata.gauth.ACCESS_TOKEN) I assume TOKEN and TOKEN_SECRET are packed into the access_token object ( gdata

OAuth2 Refresh Token. How to store it on client-side

*爱你&永不变心* submitted on 2019-12-05 15:08:32
There is Authorization OAuth2 Server to get access+refresh token. As far as I understand, access token can be stored on client-side, because it has short life cycle. But can refresh token be stored there? According to information that I've read, there is no secure way to do it (here). So, I have to implement separate server-side service, just to store refresh token. Am I right? Is it only one possible way to store refresh token? P.S. Client-side: angularJS Yes you are right. If you cannot authenticate with the Authorisation server (i.e. pass client ID and secret) then you will only get a

What happens when response fails to reach the client in a token authenticated API?

廉价感情. submitted on 2019-12-05 13:21:01
This explains how token authentication works in rails when this lib is used. But, if this (as shown in image below) happens, should I sign-in again to get a new valid token that can be used for the next request? This doesn't seem so good as network failure might often happen; isn't there a simple "RETRY" way? EDIT: The server would accept the retry request, if it reaches within 5 seconds since the previous one, essentially treating it as a batch request. However, this wouldn't help solve my problem. Source: https://stackoverflow.com/questions/39276885/what-happens-when-response-fails-to-reach-the

Spring Boot: Full authentication is required to access this resource

心已入冬 submitted on 2019-12-05 12:14:10
Question: I am doing example of Spring Boot Security with wso2is server from this post https://github.com/angel-git/wso2is-springoauth, when I am trying to access resource with access token I am getting {"error":"unauthorized","error_description":"Full authentication is required to access this resource"} I am generating access token by: curl -u CLIENT_ID:CLIENT_SECRET -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443

Reading token with slimframework

帅比萌擦擦* submitted on 2019-12-05 10:55:45
I'm using SlimFramework and JWT to handle token based authentication with login and password. I managed to login and send token in response. Here is my code: <?php require_once("vendor/autoload.php"); $app = new \Slim\Slim(); $app->add(new \Slim\Middleware\ContentTypes()); $app->post('/auth/login', function () use ($app) { $params = $app->request()->getBody(); if ($params['email'] == "login" && $params['password'] == "password") { $key = "example_key"; $token = array( "id" => "1", "exp" => time() + (60 * 60 * 24) ); $jwt = JWT::encode($token, $key); $app->response->headers->set('Content-Type',

Removing Administrator Privileges from Process

不打扰是莪最后的温柔 submitted on 2019-12-05 08:50:12
With the help of this great MSDN article, my first idea was to simply check if the process is using an elevated Administrator group, and using AdjustTokenGroups() I would set the Administrator group to SE_GROUP_USE_FOR_DENY_ONLY. Unfortunately though, we can't modify the administrator group on the currently running process as it also has the SE_GROUP_MANDATORY attribute, which makes it ineligible for changing. The MSDN document has this to say about it: The AdjustTokenGroups function cannot disable groups with the SE_GROUP_MANDATORY attribute in the TOKEN_GROUPS structure. Use

Updating Roles when granting Refresh Token in Web Api 2

社会主义新天地 submitted on 2019-12-05 08:21:44
I have developed an authentication mechanism in Asp.Net Web Api 2 with the feature for granting refresh tokens, based on the tutorial on Taiseer's blog. Here is my question. Assume the following scenario: A user logs in using password and gets a refresh token and an access token. The access token in fact includes what roles he is in (hence his authorities within the app). In the meantime the system admin will change this person's roles, so once his access token expires and he wants to use the refresh token to obtain a new access token, his new access token must include the newly updated roles