access-token

Why are Refresh Tokens considered insecure for an SPA?

你离开我真会死。 Submitted on 2019-12-04 21:33:42
Question: I was reading the documentation on the Auth0 site regarding Refresh Tokens and SPA, and they state that SPAs should not use Refresh Tokens as they cannot be securely stored in a browser, and instead use Silent Authentication to retrieve new Access Tokens. A Single Page Application (normally implementing Implicit Grant) should not under any circumstances get a Refresh Token. The reason for that is the sensitivity of this piece of information. You can think of it as user credentials,

Simple Odata Client - How to add oAuth Token in each request header?

霸气de小男生 Submitted on 2019-12-04 20:33:30
In the Microsoft OData v4 proxy client, there is an option to add an auth token to each request. It can be achieved in the following way: var container = new Default.Container(new Uri("http://localhost:9000/")); // Registering the handler for the BuildingRequest event. container.BuildingRequest += (sender, e) => OnBuildingRequest(sender, e, accessToken); // Every time an OData request is built it adds an Authorization header with the access token private static void OnBuildingRequest(object sender, BuildingRequestEventArgs e, TokenResponse token) { e.Headers.Add("Authorization", "Bearer " + token.AccessToken);

OAuth access and refresh token control / management on user password change

◇◆丶佛笑我妖孽 Submitted on 2019-12-04 20:09:58
We are in the process of developing an in-house mobile application and web API. We are using ASP.NET Web API 2 with ASP.NET Identity 2 OAuth. I have got the API up and running and giving me a bearer token. However, I want to slightly modify the process flow to something along the lines of this: App user logs in to the API with username and password. App receives a refresh token which is valid for 30 days. App then requests an access token, providing the API with the refresh token. (Here I want to be able to invalidate a request if the user has changed their password or their account has been locked

Securely storing an access token

喜你入骨 Submitted on 2019-12-04 18:37:10
Question: What security measures should I put in place to ensure that, were my database to be compromised, long-life access tokens could not be stolen? A long-life access token is as good as a username and password for a particular service, but from talking to others it seems most (myself included) store access tokens in plain text. This seems to be just as bad as storing a password in plain text. Obviously one cannot salt & hash the token. Ideally I'd want to encrypt them, but I'm unsure of the

Problem with access token while creating Facebook Test Users

笑着哭i Submitted on 2019-12-04 17:33:20
I'm trying to create test users for my Facebook application. They announced this functionality in this blog post in November (http://developers.facebook.com/blog/post/429) and it is documented here (http://developers.facebook.com/docs/test_users/). I could not find the answer to this elsewhere... According to the documentation, "You can create a test user associated with a particular application using the Graph API with the application access token." This links to the section "Authenticating as an Application" and describes this curl script: curl -F grant_type=client_credentials \ -F client

Facebook app (NOT user) access token expiration

筅森魡賤 Submitted on 2019-12-04 17:04:19
Question: Do Facebook APP access tokens expire? These tokens are different than the USER tokens; they are acquired like this: https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id={0}&client_secret={1} as described in the App Login section of the document at http://developers.facebook.com/docs/authentication/. Are there any circumstances under which they will become invalid? NB: This is NOT a question about USER access tokens (which are clearly documented). There was an

Facebook. Fatal error: Uncaught OAuthException: An active access token must be used to query information about the current user

十年热恋 Submitted on 2019-12-04 15:53:08
With my app's administrator account on Facebook my app works normally, but with another account I get the error: Fatal error: Uncaught OAuthException: An active access token must be used to query information about the current user. I had this problem before with another app (publishing text on the user's wall), but it was fixed after I added $user = $facebook->getUser(); What's wrong here? I have added the offline_access permission... Help me, please, if you can. Thank you very much. <?php require_once('images/Facebook.php'); $facebook = new Facebook(array( 'appId' => '456080124457246', 'secret' =>

How to manage authentication with token in angular.js?

我与影子孤独终老i Submitted on 2019-12-04 15:02:02
Hi everyone. I created a RESTful API with token authentication (Rails 4 + Devise), and I also manage the CORS implementation with a gem (rack-cors), but now I would like to use the API with angular.js. For this I do this: var app = angular.module('models'); app.factory('Session',['$resource',function($resource){ var Session = $resource( 'http://api.creositios.dev/sessions/:id', {}, { create: { method: 'POST'}, delete: { method: 'DELETE', params: { id: '@id'} } } ); return Session; }]); And this is my controller: app = angular.module('controllers'); app.controller('SessionCtrl',['$scope','Session'

IdentityServer4 Access Token Lifetime

主宰稳场 Submitted on 2019-12-04 14:55:54
I am using IdentityServer4, and its configuration is in the database. There is a silent renewal on the client (oidc). I have set the following lifetime settings for the client: AbsoluteRefreshTokenLifetime = 60 * 30, // 30 mins AccessTokenLifetime = 60 * 5, // 5 mins SlidingRefreshTokenLifetime = 60 * 15 // 15 mins What should happen? How long should the lifetime of the token be? When should the user be asked to log in again? There is no clear documentation about the token lifetime when it's refreshed, and when it is expired. Access tokens can come in two flavours - self-contained or reference. A

Is using a Refresh Token in token-based authentication secure?

狂风中的少年 Submitted on 2019-12-04 10:16:00
I am building token-based authentication (Node.js using passport/JWT with an angular client). After the user enters his credentials he gets an access token, which he sends in every request inside the header (header: bearer TOKEN). I don't want to prompt a login request every time his access token expires (about every day, I guess), so I've heard about Refresh Tokens. The refresh token never expires (or rarely expires) and is able to renew tokens indefinitely. When the access token is about to expire, the client can send a renew request to get a new access token by sending his refresh token. I don