What are the options if an OAuth 2.0 token has expired and needs to be used longer?

We have an application that requires a user to authenticate, after which the calls require a valid OAuth 2.0 token. The authorized user is using the app for longer than the OAuth 2.0 token is set to expire. What options are there for the user to continue using the application with the same OAuth token, or does the application have to get a new OAuth 2.0 token for the user to continue?
Is there any way to refresh an expired OAuth 2.0 token?


When the token expires, the token is no longer useful. The app cannot continue to use it. But the app can get a new token, and use THAT one.

OAuth2.0 provides a way for apps to get a new token, using the refresh_token. To make this work, the proxy should:

  • return 401 Unauthorized, when the token is expired, with a message indicating something like “expired oauth token”. You can do this with a FaultRule containing an AssignMessage policy. In the FaultRule, use a Condition fault.name = “access_token_expired”.

The app must:

  • handle the 401 return code (check the message for “Expired oauth token” )
  • POST to the /token endpoint with the refresh token
  • retrieve the new token
  • re-try the failed request

Your OAuth endpoint must support the refresh flow!
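The app-side half of the flow described in this answer (handle the 401, POST the refresh token to /token, store the new token, retry once), as an added example that is not part of the original post. The proxy and token endpoint are in-memory stand-ins so it runs offline; their names, the single-use refresh tokens and the controllable clock are assumptions, not Apigee's API:

```python
class FakeAuthServer:
    """Constructed stand-in for the proxy and the /token endpoint.
    Access tokens expire after `ttl`; refresh tokens are single-use (rotated).
    `now` is a controllable clock so expiry can be simulated without sleeping."""
    def __init__(self, ttl=60):
        self.ttl, self.now, self._n = ttl, 0, 0
        self.valid_refresh, self.access = set(), {}
    def issue(self):
        self._n += 1
        at, rt = f"at-{self._n}", f"rt-{self._n}"
        self.access[at] = self.now + self.ttl
        self.valid_refresh.add(rt)
        return {"access_token": at, "refresh_token": rt, "expires_in": self.ttl}
    def token_endpoint(self, grant_type, refresh_token):
        # POST /token with grant_type=refresh_token
        if grant_type != "refresh_token" or refresh_token not in self.valid_refresh:
            return 400, {"error": "invalid_grant"}
        self.valid_refresh.discard(refresh_token)  # rotation: old refresh token revoked
        return 200, self.issue()
    def proxy(self, access_token):
        # Proxy behaviour from the answer: 401 with "expired oauth token" on expiry
        exp = self.access.get(access_token)
        if exp is None:
            return 401, {"fault": "invalid access token"}
        if self.now >= exp:
            return 401, {"fault": "expired oauth token"}
        return 200, {"data": "ok"}

class OAuthClient:
    """App side: on 401 + expired message, refresh once, then retry the call once."""
    def __init__(self, tokens, token_endpoint):
        self.tokens, self.token_endpoint = dict(tokens), token_endpoint
        self.refreshes = 0
    def _refresh(self):
        status, body = self.token_endpoint("refresh_token", self.tokens["refresh_token"])
        if status != 200:
            # Refresh token revoked/expired: nothing left to retry with, user must log in again
            raise RuntimeError(f"refresh failed: {body.get('error')}; re-authenticate user")
        self.tokens.update(body)  # store new access token and the rotated refresh token
        self.refreshes += 1
    def call(self, send):
        status, body = send(self.tokens["access_token"])
        if status == 401 and "expired" in body.get("fault", "").lower():
            self._refresh()
            status, body = send(self.tokens["access_token"])  # single retry, no loop
        return status, body
```

Retrying only once matters: if the refreshed token is also rejected, looping would hammer /token, so the error is surfaced instead.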