nxtbgthng / OAuth2Client

Client library for OAuth2 (currently built against draft 10 of the OAuth2 spec)

How can I get access Token for other use? #177

Closed emersonku closed 9 years ago

emersonku commented 9 years ago

Hi, I have successfully got an access token by using the user password grant with NXOAuth2Client. Now I want to retrieve this access token because all my code has been developed to use RestKit to retrieve resources. I need to use this access token so that my RestKit code can retrieve resources:

[sharedManager.HTTPClient setDefaultHeader:accessToken];

Any idea would be appreciated...

toto commented 9 years ago

You need to get your NXOAuth2Account from NXOAuth2AccountStore. It has an accessToken property. Be sure to observe token refresh using the notifications.

The NXOAuth2Client (if you are using the low-level way, which is not recommended) also has an accessToken property.

emersonku commented 9 years ago

Thanks Toto. I have two questions:

  1. I noticed that the token string in accessToken is in the format below. It isn't accepted by the authorisation server if I send this as an HTTP header. I need to modify the header to "Bearer CecfrU9qrprJjpYdvCBcCUKWOKJQshIWlUKqEHdz". How can I effectively parse the NXO format into the IETF standard?

<NXOAuth2Token token:CecfrU9qrprJjpYdvCBcCUKWOKJQshIWlUKqEHdz refreshToken:(null) expiresAt:2015-05-12 07:45:44 +0000 tokenType: Bearer>

  2. There are multiple "accounts" when I retrieve the array of accounts via [[NXOAuth2AccountStore sharedStore] accounts]. And the list grows. Should I just retrieve the lastObject if I want to get the latest token that I requested?
  3. Is it a general practice to request a new token whenever the application starts instead of storing the accessToken in the keychain?

Thank you very much!

emersonku commented 9 years ago

Sorry, the above are three questions, not two ^_^

emersonku commented 9 years ago

I think I got the answers, please please confirm if I'm wrong:

And please bear with me for these questions:

1) I encounter the problem of using responseBody ([[account accessToken] responseBody]) in accessing resources (by setting the HTTPClient header). I know the format of the responseBody is IETF compliant, however my backend just rejected it (I'm using lucadegasperi/oauth2-server-laravel). Status code 401, message is "The resource owner or authorization server denied the request". Any idea?

2) How can I observe the token refresh notification? I can't find it in the documentation... or please direct me to it if I'm missing it

3) Is it a manual process to check the expiry date of the access token and then send the refresh token if it is expired? I know it's all automatic if I'm using the built-in resources request method. But since I'm using RestKit for that case it does not seem trivial to me anymore.

Thanks

emersonku commented 9 years ago

I have sorted out all questions above except No. 2.

Question: How can I observe the token refresh notification? I can't find it in the documentation... or please direct me to it if I'm missing it

Please help...
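Added example (not part of the thread and not code from the OAuth2Client project): one way to keep RestKit's Authorization header in step with the account's token, covering the "Bearer" header format and the refresh notification asked about above. `BearerHeaderSync` and `ApplyToken` are hypothetical names; it assumes a RestKit version whose `HTTPClient` is an `AFHTTPClient` with `setDefaultHeader:value:`, and that the account posts `NXOAuth2AccountDidChangeAccessTokenNotification` and `NXOAuth2AccountDidLoseAccessTokenNotification` with itself as the notification object.

```objc
#import <Foundation/Foundation.h>
#import <RestKit/RestKit.h>
#import "NXOAuth2.h"

// Hypothetical helper: builds the header from the raw token string, not from
// the token object's -description (the "<NXOAuth2Token token:...>" text).
static void ApplyToken(NXOAuth2Account *account) {
    AFHTTPClient *http = [RKObjectManager sharedManager].HTTPClient;
    NXOAuth2AccessToken *token = account.accessToken;
    if (token.accessToken.length == 0 || token.hasExpired) {
        // Never send an empty or expired credential; a nil value removes the header.
        [http setDefaultHeader:@"Authorization" value:nil];
        return;
    }
    NSString *value = [NSString stringWithFormat:@"Bearer %@", token.accessToken];
    [http setDefaultHeader:@"Authorization" value:value];
}

// Hypothetical class: keep one instance alive for as long as RestKit is in use.
@interface BearerHeaderSync : NSObject
- (void)startForAccount:(NXOAuth2Account *)account;
@end

@implementation BearerHeaderSync {
    id _changeObserver;
    id _lossObserver;
}

- (void)startForAccount:(NXOAuth2Account *)account {
    NSNotificationCenter *nc = [NSNotificationCenter defaultCenter];
    ApplyToken(account); // set the header from the token held right now

    // Posted when the account receives a new (for example refreshed) token.
    _changeObserver = [nc addObserverForName:NXOAuth2AccountDidChangeAccessTokenNotification
                                      object:account
                                       queue:[NSOperationQueue mainQueue]
                                  usingBlock:^(NSNotification *note) { ApplyToken(note.object); }];
    // Posted when the token is lost; accessToken is then nil and the header is cleared.
    _lossObserver = [nc addObserverForName:NXOAuth2AccountDidLoseAccessTokenNotification
                                    object:account
                                     queue:[NSOperationQueue mainQueue]
                                usingBlock:^(NSNotification *note) { ApplyToken(note.object); }];
}

- (void)dealloc {
    [[NSNotificationCenter defaultCenter] removeObserver:_changeObserver];
    [[NSNotificationCenter defaultCenter] removeObserver:_lossObserver];
}
@end
```

The token value is never logged, and the header is removed rather than left stale when the token expires or is lost.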