PHP Classes

Refresh token

Recommend this page to a friend!

      PHP OAuth Library  >  All threads  >  Refresh token  >  (Un) Subscribe thread alerts  
Subject:Refresh token
Summary:Implementation of refresh token workflow
Author:Ariel Barreiro
Date:2012-11-29 23:10:03
Update:2013-03-15 08:32:32

  1. Refresh token   Reply   Report abuse  
Ariel Barreiro - 2012-11-29 23:10:03
Do you think it's too hard to implement the refresh token workflow within the class?

  2. Re: Refresh token   Reply   Report abuse  
Manuel Lemos - 2012-11-30 04:18:47 - In reply to message 1 from Ariel Barreiro
No, it would not be hard.

I did not see any OAuth server issuing refresh tokens either. Which servers you know that issue refresh tokens?

  3. Re: Refresh token   Reply   Report abuse  
Stuart Laverick - 2012-12-12 19:53:13 - In reply to message 2 from Manuel Lemos
Hello Manuel,
Googles API OAuth server uses refresh tokens: ...
Without wanting to hack the class, how would you recommend we capture the returned refresh token?
I can see how to add the access_type=offline to the url between the Initialize call and the Process call, but the Process function does not capture the refresh_token parameter returned from the server, so I cannot store it via my overloaded StoreAccessToken.
Any help appreciated, thanks.

  4. Re: Refresh token   Reply   Report abuse  
Manuel Lemos - 2012-12-12 23:04:21 - In reply to message 3 from Stuart Laverick
I may need to study this further but the way I see it, refresh tokens are for when the current token expires. So a check could be placed before the next API call and attempt to get a new token.

The new token replaces the old one, so I do not follow why do you think StoreAccessToken would be an appropriate way to update a refreshed token.

Just keep in mind that since tokens are meant to be used for offline access, using the default storage that relies in sessions, is not a good solution to store tokens because when the user is not present the sessions do not exist.

  5. Re: Refresh token   Reply   Report abuse  
Stuart Laverick - 2012-12-13 10:43:47 - In reply to message 4 from Manuel Lemos
I have over loaded the StoreAccessToken and GetAccessToken so they both store to the DB locally.
For offline access the Google tokens are short lived (3920 seconds) and will require a new authentication if left to expire.
My plan is to store the refresh token and before each API call to check the expiry on the stored access token, if too old, then use the refresh token to get a new access token.
My only problem is getting and storing the refresh token, as it is passed back as part of the authentication process if access_type=offline is passed in the request. However your class does not pass this through to StoreAccessToken, so I cannot get it to store for later use.

  6. Re: Refresh token   Reply   Report abuse  
Manuel Lemos - 2012-12-20 04:17:33 - In reply to message 5 from Stuart Laverick
I have not studied this in depth because I did not yet had the time, but the way I see it to get also a refresh token is just a matter of adjusting the dialog URL to include the access_type=offline parameter.

If a refresh token is returned by the server, the class would pass it to the StoreAccessToken function.

  7. Re: Refresh token   Reply   Report abuse  
Steve Penn - 2013-02-12 14:13:24 - In reply to message 6 from Manuel Lemos
Within Box the reply is sent back with the standard response so it is just a case of within the class just inserting

line 1170 - 1173

$access_token = array(
'value'=>$this->access_token = $response['access_token'],
'refresh_token' => $this->refresh_token = $response['refresh_token'],

Then just use CallAPI to get a new access token, but I've been looking into google (as my other post) and I'm not sure where I could change this class to set the new parameters, I know which need to be set but seeing them is a different issue :P.

if you could give me the line which first calls the api (after initialisation) then it would be simples :P (just a case of editing the URL parameters (as stated above =])).

  8. Re: Refresh token   Reply   Report abuse  
Steve Penn - 2013-02-12 14:18:26 - In reply to message 7 from Steve Penn
sorry the lines were 1771 - 1773 (my bad)

  9. Re: Refresh token   Reply   Report abuse  
Steve Penn - 2013-02-14 12:02:16 - In reply to message 8 from Steve Penn
on line 1315 replace that line with this:

$this->dialog_url = '{CLIENT_ID}&redirect_uri={REDIRECT_URI}&scope={SCOPE}&state={STATE}&access_type=offline&approval_prompt=auto';

The approval prompt will work as is first time but if you do not save it it will try and make a new access token without offline access if this happens replace 'auto' with 'force' and it will take you back to the approval page.

to gather the refresh token refer to my post above (may be out by 3 or 4 lines because i added the box functionality to the class previously)

i'm not sure where to go from here though, Thank you for this wonderful class =] it has already helped me heaps and bounds and now I just need to get files via Drive (i am lost with that XD) but thanks again =]

  10. Re: Refresh token   Reply   Report abuse  
Manuel Lemos - 2013-03-15 08:32:32 - In reply to message 5 from Stuart Laverick
OK, I have added support for refresh tokens. The class calls GetAccessToken from the CallAPI function if the access_token variable is not set.

If the token expired, the CallAPI function attempts to obtain a new token. Then it calls StoreAccessToken to store the new access_token value.

Note that these functions must store and retrieve a new entry in the access token array named 'refresh_token', so the class can use it to refresh the token when it expires.

It is working with either Google and