REST API : access_token expiration problem

Former Member

Hi, 

Currently we are able to generate a new access_token for authentication of the REST API, and it is giving a 200 status code along with access_token, refresh_token, expires_in and token_type.

Current scenario: Once this generated access_token expires, which is around 24 hours after the version upgrade, we are still getting a 200 status code with an HTML response, as shown in the screenshots below.

Expected scenario: It should give a 403 error code with an "access_token expired" message, as it did previously.

Parents
  • The error page you are getting is a Microsoft page, which to me indicates you have a custom authentication scheme that is somehow intercepting this request. The REST API won't attempt to "log you in", which is what it seems to be trying to do. I would test without your custom authentication.

  • Former Member, in reply to Patrick M.

    Hi,

    I am using the Authorization Code grant type as per the documentation (community.telligent.com/.../authentication), by which, if the call succeeds, the response is a 200 status code along with access_token, refresh_token, expires_in and token_type, and the expiry of the access_token is 24 hours.

    Once the access_token expired, it previously gave a 403 status code with an error message.

    But in the current scenario, when the generated access_token expires, which is around 24 hours after the version upgrade, we are still getting a 200 status code with an HTML response, as shown in the screenshots below.

    I hope you can test this scenario, so please provide some solution; I have already attached a screenshot.


Children
  • Your screenshots are showing a Microsoft login page as a response, none of which would happen in a community OAuth flow. This means you probably have custom authentication which at this point might be interfering with OAuth. The 200 in your screenshot is because instead of a REST response, you are getting an HTML login screen of some type.

  • Former Member, in reply to Patrick M.

    For more clarity, please follow the process below.

    1) localhost/.../authorize
    Hit this URL in the browser and take the code from there.

    2) Use the curl request below to generate the access_token and refresh_token:
    curl --location --request POST 'localhost/.../token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=authorization_code' \
    --data-urlencode 'client_id=8be683f8-client-id********' \
    --data-urlencode 'client_secret=cmcs_client scret******' \
    --data-urlencode 'code=code which you get from above url********' \
    --data-urlencode 'redirect_uri=http://localhost/'

    3) Once you get the data, hit the curl below:
    curl --location --request POST 'localhost/.../threads.json' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --header 'Authorization: Bearer cmtk_1_i4nJQ9o2UV8Wh8w+zcSEMIvXiaVF1zcsF9N8VqgabBB' \
    --header 'Cookie: AWSALB=6WpxEnxr3Ig33WK8cL8qdzf73dypz0ncoUIBmOswB3ZaivLovPJw6qMN40NDV6PbPNCighknazJ5WJjBRpsep8pJa8JwBEaC2fhjWOsi1d38E4z7ZjDLiMEKV8+I; AWSALBCORS=6WpxEnxr3Ig33WK8cL8qdzf73dypz0ncoUIBmOswB3ZaivLovPJw6qMN40NDV6PbPNCighknazJ5WJjBRpsep8pJa8JwBEaC2fhjWOsi1d38E4z7ZjDLiMEKV8+I; AWSALB=8U1NNWETb5Z32dTYRiEf0KgZB/MLNjT1932upaLRK9hYzhes7GdtXbmP0SUpZ05sZBnBJunOYToJMsCJHUxkYpRIgWpT7j9IRP/5UvnfhXpNkos3lDXCF/7r7nOH; AWSALBCORS=8U1NNWETb5Z32dTYRiEf0KgZB/MLNjT1932upaLRK9hYzhes7GdtXbmP0SUpZ05sZBnBJunOYToJMsCJHUxkYpRIgWpT7j9IRP/5UvnfhXpNkos3lDXCF/7r7nOH' \
    --data-urlencode 'Subject=MBAS-DEV' \
    --data-urlencode 'Body=MBAS Forum Thread Test from api calls'

    You will get a 200 status with an HTML response, but what we require is a 403 error with a message.

    So, as we follow custom authentication, during the above procedure Telligent didn't provide the proper response of status 403 when the access_token expires.

    I hope this time you have some understanding of the issue I am facing; if you still want more clarity, then follow the above procedure on a local setup.

    I need some solution, please provide it.

  • Please turn off your custom authentication and try again. Following your exact screenshots, your 200 is not the result of validating a token. You are getting an HTML login page, which is evident in the response body. It is not hitting REST, or community for that matter.

    Additionally, expired access tokens will issue a 401 response, not 403. This is in line with OAuth; if in the past it did differently, then that would have been a bug. Later versions of 12 utilize a more OAuth-compliant infrastructure.
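As an added illustration (not code from this thread or from Telligent), a small Python client that applies the point above: a 401 means the access_token has expired and should trigger a refresh_token grant, while a 200 whose body is HTML is a login page served by something in front of the API and must never be treated as a successful REST call. The Reply type, the transport callback and all URLs and token strings are constructed placeholders; the refresh grant is form-encoded the same way as the authorization_code request shown in the thread.

```python
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass

@dataclass
class Reply:            # minimal view of an HTTP response (constructed type)
    status: int
    content_type: str
    body: str

def classify(reply):
    """Say what a REST response means for the bearer token that was sent."""
    if reply.status == 401:
        return "token_expired"      # OAuth-style expiry: refresh and retry
    if reply.status == 403:
        return "forbidden"          # token accepted, action not allowed
    if reply.status == 200:
        ctype = reply.content_type.lower()
        head = reply.body.lstrip()[:32].lower()
        if "json" in ctype:
            return "ok"
        if "html" in ctype or head.startswith(("<!doctype html", "<html")):
            # An HTML 200 is a login page served by something in front of the
            # API (the thread's symptom), not a validated REST call.
            return "intercepted_login_page"
    return "unexpected"

def refresh_request(token_url, client_id, client_secret, refresh_token):
    """POST for an OAuth refresh_token grant (form-encoded like the code grant)."""
    form = urllib.parse.urlencode({
        "grant_type": "refresh_token", "refresh_token": refresh_token,
        "client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(token_url, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def call_with_refresh(send, url, tokens, token_url, client_id, client_secret):
    """send(Request) -> Reply. Retry once after a 401 with a refreshed token;
    an HTML 200 is reported as an auth problem, never as success."""
    for attempt in range(2):
        req = urllib.request.Request(
            url, headers={"Authorization": "Bearer " + tokens["access_token"]})
        kind = classify(reply := send(req))
        if kind != "token_expired" or attempt:
            return kind, reply
        fresh = send(refresh_request(token_url, client_id, client_secret,
                                     tokens["refresh_token"]))
        if classify(fresh) != "ok":
            return "refresh_failed", fresh
        tokens.update(json.loads(fresh.body))   # adopt the new token pair
```

The `send` callback is where a real transport (urllib's `urlopen`, mapped into a Reply) plugs in; keeping it injectable lets the classification logic be tested offline.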

  • Former Member, in reply to Patrick M.

    Hi Patrick,

    We are not using any custom authentication code in my local setup, and our platform version is 12.0.4.18802 here, but we are still getting the same HTML response with a 200 status code when the access_code expires.

    1) localhost/.../authorize
    Hit this URL in the browser and take the code from there.

    2) Use the curl request below to generate the access_token and refresh_token:
    curl --location --request POST 'localhost/.../token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=authorization_code' \
    --data-urlencode 'client_id=8be683f8-client-id********' \
    --data-urlencode 'client_secret=cmcs_client scret******' \
    --data-urlencode 'code=code which you get from above url********' \
    --data-urlencode 'redirect_uri=http://localhost/'

    If we are missing something, please guide us in this area.

    Thanks