Closed asamofal closed 9 months ago
Hey @asamofal
This is not something I originally anticipated when building the client credential support but looking at the RFC 6749 spec it does look like "Issuing a refresh token is optional at the discretion of the authorization server.".
I would recommend writing a function on your connector to manually refresh this access token and build a separate request for it. I'll also take a note to add this to v4 when I start working on it.
@Sammyjo20
Okay, good to know 👍 Probably shouldn't be too hard in implementation, looks pretty similar to what we already have in AuthorizationCodeGrant
...
You should be able to achieve it by extending the following methods:
createOAuthAuthenticatorFromResponse
createOAuthAuthenticator
and then implement a refresh token request.
I'm going to close the issue - but please let me know if you have any questions.
This is my workaround for anyone who will face the same issue as me. Will be glad if one of the new Saloon versions supports it out of the box.
class MyConnector extends Connector
{
use ClientCredentialsGrant;
use AcceptsJson;
private function __construct(
private readonly string $clientKey,
) {
$authenticator = $this->getAccessToken();
$this->authenticate($authenticator);
}
public function resolveBaseUrl(): string
{
return '';
}
protected function defaultOauthConfig(): OAuthConfig
{
return OAuthConfig::make()
->setClientId('')
->setClientSecret('')
->setAuthorizeEndpoint('authorize')
->setTokenEndpoint('/oauth/token');
}
/**
* @throws JsonException
*/
protected function createOAuthAuthenticatorFromResponse(Response $response): OAuthAuthenticator
{
$responseData = $response->object();
$accessToken = $responseData->access_token;
$expiresAt = null;
if (isset($responseData->expires_in) && is_numeric($responseData->expires_in)) {
$expiresAt = (new DateTimeImmutable())->add(
DateInterval::createFromDateString((int) $responseData->expires_in . ' seconds')
);
}
$refreshToken = $responseData->refresh_token ?: null;
return new AccessTokenAuthenticator($accessToken, $refreshToken, $expiresAt);
}
/**
* @throws FatalRequestException
* @throws RequestException
* @throws JsonException
*/
public function send(Request $request, MockClient $mockClient = null, callable $handleRetry = null): Response
{
if ($this->authenticator?->hasExpired()) {
$refreshTokenResponse = parent::send(
new GetRefreshTokenRequest(
$this->oauthConfig,
$this->authenticator->getRefreshToken()
)
);
$authenticator = $this->createOAuthAuthenticatorFromResponse($refreshTokenResponse);
$this->authenticate($authenticator);
}
return parent::send($request, $mockClient, $handleRetry);
}
}
@Sammyjo20 I even think I can prepare a PR for this for v3 (this should not break anything) but I'm missing one piece - what calls refreshAccessToken
method from AuthorizationCodeGrant
?
Hi! I noticed that
Refreshing Access Tokens
section is missing in theClient Credentials Grant
docs section, andrefreshAccessToken
method is missing inClientCredentialsGrant
trait, the refresh token doesn't go toAccessTokenAuthenticator
even. Could you please explain why this is the case?I'm currently working on integrating with this API, and it appears that I'll need to refresh the tokens. Could you guide how to proceed with this?