Closed tsileo closed 1 year ago
@tsileo Could you arrange a test account for me to test this and other related features (e.g. #563)
Yes, I will try to setup an instance and give you credentials this weekend.
Can you provide me an email where I can send them?
Thanks!
@tsileo please use andstatus@gmail.com
@yvolk email sent, thanks a lot!
Hello @tsileo ! I made the first test of the newly implemented "refresh-access" feature. As you suggested, on getting "401 UNAUTHORIZED" response during a timeline request AndStatus launches the asynchronous "refresh-access" command. The "refreshAccessToken" request implemented in ScribeJava library, so currently I don't see exact request posted to your server, but in the response I got "Internal Server Error" from the library.
Could you advise, what was wrong at the server side?
Please see the screenshot from AndStatus (time is UTC):
01-30 05:51:36.339 5/CommandExecutorStrate99: refresh-access,
Status code: OK; soft; Unexpected exception
Caused by com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse: Internal Server Error
Hey, thanks!
The form data was:
form_data=FormData([('scope', 'read write follow'), ('refresh_token', '<redacted>'), ('grant_type', 'refresh_token')])
It's missing the client_id
. I've seen it required in the OAuth 2.0 spec.
Thank you, it works now. I posted v.60.02 to #456 with this change.
Awesome, thank you!
If the OAuth access token response contains a
refresh_token
, it should be stored and a refresh should be attempted when the token is expired (or when hitting a 401?).Example response from microblog.pub:
Making a
POST
to the token endpoint withgrant_type=refresh_token
+refresh_token
+client_id
will return the same response as with the authorization code grant + a new refresh token (the spec recommends returning a new one and checking for double use).Thanks! Let me know if I missed some details.