Refresh expired access token

Dmitriy_Gusev · March 7, 2018, 11:19am

Hi!
There is a lot of possible ways, how to retrieve accessToken for API, but its expires after 24 hours.
There is NO any refreshToken functionality exist in JavaScript SDK and documentation.

As usual there is a response

access_token: ""
expires_in: 86398
token_type:"bearer"

and nothing more.

Please provide CODE SNIPPET or direct link to documentation, how can i refresh obtained token.

tim.smith · March 7, 2018, 3:33pm

PureCloud does not currently support refresh tokens. See the Authorization documentation for the supported OAuth grant types: https://developer.mypurecloud.com/api/rest/authorization/index.html

Dmitriy_Gusev · March 9, 2018, 2:21pm

i checked the documentation and how they work via SDK.

Only "Authorization Code Grant" has permissions to work with Calls (originate, answer, hangup etc)

We are looking for solution, which will not force user to RE-login every day.
Is that possible somehow to make any OAuth for a long time, and still be able to control calls via API?

tim.smith · March 9, 2018, 3:40pm

Since PureCloud does not support refresh tokens, the user must log in again whenever their token expires. If you implement the SAML2 Bearer grant, it is possible to authorize the user without prompting them, though that requires the SAML provider to not prompt the user for authentication. There's an open source example to accompany the docs on that grant type if you're interested in pursuing a SAML integration: https://github.com/MyPureCloud/saml2bearer-oauth-example

Dmitriy_Gusev · March 12, 2018, 1:15pm

hi!
I checked 'saml2bearer-oauth-example'

It doesn't work.
I configured Okta and SAML2 Bearer auth, and each time i receive

{
    "error": "invalid_request",
    "description": "failed to parse assertion"
}

Also, it also generates access_token with maximum 48h lifetime.
And to make OAuth user should login to Okta...

tim.smith · March 13, 2018, 6:58pm

I'll need more information to be able to help with that error.

Also, it also generates access_token with maximum 48h lifetime.

Correct. PureCloud OAuth clients can be configured for the access tokens to expire after 0 to 48 hours.

And to make OAuth user should login to Okta…

Correct. When you use a SAML2 Bearer integration, the user must be authenticated with the SAML provider for it to be able to provide a SAML assertion to PureCloud.

system · April 13, 2018, 7:03pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.