401 Unauthorized after a few hours of continued use of app

Hi,

We have developed a CTI for PureCloud using the JavaScript SDK. We use the following CDN for this: https://sdk-cdn.mypurecloud.com/javascript/36.0.0/purecloud-platform-client-v2.min.js

We use the implicit grant flow to log into the session and from there on it works fine at first. The user can use the app and the app uses the API to answer or end calls. But after using the app for a certain period of time (a few hours) it receives a 401 Unauthorized when making a call:

api.mypurecloud.ie/api/v2/conversations/calls/c9f33d40-f245-4452-a9b0-21dd3f48b946/participants/e7ffac60-1a20-4d62-9b69-2e8b7ddd9ee2:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
purecloud-platform-client-v2.min.js:1 Error: Unauthorized
at C. (purecloud-platform-client-v2.min.js:1)
at C.n.emit (purecloud-platform-client-v2.min.js:1)
at XMLHttpRequest.i.onreadystatechange (purecloud-platform-client-v2.min.js:1)

The only way we can reproduce this is to let the OAuth token duration expire. However, the customer has set this to 24 hours and they log in and off every day.

What could cause this behaviour?
Is there a system log related to OAuth events we can check to see what is happening?

If an application gets a 401 response, it's one of two causes:

  1. The application didn't provide authorization with the request
  2. The authorization sent with the request was invalid.

The solution to both cases is that the application should handle the 401 response intelligently and redirect the user to the login page to authorize the application.

Auth tokens are most commonly invalidated because either the expiry time has elapsed or too many tokens were created (when a new one exceeds the maximum, the oldest valid token will be invalidated).

Hi Tim,

Thank you for your response. We are using the JavaScript SDK, so the authorization is applied by that framework. The user is logged in and can use the integration.
However, even though the user token cannot have expired yet (it is set to 24 hours), we are receiving the 401.

You mentioned that there is a maximum of allowed tokens. What is the maximum and can I set it somewhere? Can I view the reason why it was invalidated somewhere?
Thanks in advance.

I believe it is 10 per user/client, but this is an internal limit that is subject to change. A well-formed application should not need to be aware of this.

No.

No. If you believe the product is misbehaving and invalidating your tokens erroneously, please open a case with PureCloud Care.

Hi Tim,

Thanks again for the explanation.
You mention that the tokens are per user/client. How should I interpret this? Is this 10 per PureCloud user or 10 per OAuth application?

Per user-client combination. If you, as a specific user, authenticate using a specific ID, you're allowed your own 10 tokens. Another user authenticating with their credentials, but the same client ID, will have their own 10 tokens. Then if you authenticate using your credentials, but with a different client ID, that application will have a limit of 10 tokens that is separate from the first application's limit.
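
The two points made in the replies above (the oldest token is invalidated once a user-client pair exceeds its limit, and the application should respond to a 401 by re-authorizing), as an added example that is not part of any post and is not PureCloud or SDK code. `TokenStore`, `makeApiCall`, `callWithReauth` and all user, client and token values are hypothetical, and it assumes the limit of 10 quoted above and that every implicit-grant login creates a new token.

```javascript
// Added example: a model of the behaviour described in the thread, not PureCloud code.
const TOKEN_CAP = 10; // assumption: the "10 per user/client" figure quoted above

class TokenStore { // hypothetical stand-in for the authorization server
  constructor() { this.pools = new Map(); this.seq = 0; }
  issue(user, clientId) {
    const key = `${user}|${clientId}`; // one pool per user-client combination
    const pool = this.pools.get(key) || [];
    pool.push(`tok-${++this.seq}`); // constructed token value
    while (pool.length > TOKEN_CAP) pool.shift(); // oldest valid token is invalidated
    this.pools.set(key, pool);
    return pool[pool.length - 1];
  }
  isValid(user, clientId, token) {
    return (this.pools.get(`${user}|${clientId}`) || []).includes(token);
  }
}

// Hypothetical API call: resolves with 200, or rejects with status 401 like the SDK error above.
function makeApiCall(store, user, clientId) {
  return (token) => store.isValid(user, clientId, token)
    ? Promise.resolve({ status: 200 })
    : Promise.reject({ status: 401 });
}

// On 401: drop the cached token, re-authorize, retry once. A second 401 propagates,
// so a broken login cannot turn into a redirect loop.
async function callWithReauth(session, apiCall, login) {
  try {
    return await apiCall(session.token);
  } catch (err) {
    if (err.status !== 401) throw err;
    session.token = await login(); // in the browser: send the user back through the login page
    session.reauthCount += 1;
    return apiCall(session.token);
  }
}

async function demo() {
  const store = new TokenStore();
  const login = () => Promise.resolve(store.issue('alice', 'cti-app'));
  const session = { token: await login(), reauthCount: 0 };
  const first = session.token;
  store.issue('bob', 'cti-app'); // other user, same client ID: separate pool
  for (let i = 0; i < TOKEN_CAP; i++) store.issue('alice', 'cti-app'); // reloads, extra tabs
  const evicted = !store.isValid('alice', 'cti-app', first);
  const res = await callWithReauth(session, makeApiCall(store, 'alice', 'cti-app'), login);
  return { evicted, status: res.status, reauthCount: session.reauthCount };
}
```

In this model the first token is rejected well before any expiry time, purely because ten newer tokens were issued to the same user and client ID, which is why counting logins per user and client is worth checking when 401s appear early.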
