Refreshing Expired Access Token

anon12021261 · October 28, 2016, 6:38pm

On this page, it mentions:

If an application token is expired or invalid the API will return the HTTP status code 401. That signals the application to initiate the OAuth flow to get a new access token.

I’m attempting to handle this case using the PureCloud JavaScript SDK. I noticed that PureCloudSession.setUnauthenticatedErrorHandler() seems like the perfect fit for this job; however, in testing this handler is never called when the access token expires.

It appears that when the access token expires, any calls to the PureCloud API do not return an Access-Control-Allow-Origin header, so PureCloudSession.setUnauthenticatedErrorHandler() is not called and the following error is traced out instead:

XMLHttpRequest cannot load https://api.inindca.com/api/v2/users/me. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://apps.inindca.com' is therefore not allowed access. The response had HTTP status code 401.

It seems like PureCloudSession.setUnauthenticatedErrorHandler() was added just for this purpose, but it doesn’t seem to be working as expected. Any chance that this is supposed to work and I’m just doing something wrong?

tim.smith · October 28, 2016, 6:50pm

I tested the error handler with the code below and it was working for me. Can you provide more information about your environment? (web page/node, version, etc.)

<!DOCTYPE html>
<html>
<head>
	<title></title>
	<script src="https://sdk-cdn.mypurecloud.com/javascript/0.72.3/purecloud-api.js"></script>
	<script type="text/javascript">
		var pureCloudSession = purecloud.platform.PureCloudSession({
			strategy: 'implicit',
			clientId: '0000',
			redirectUrl: 'http://localhost.com'
		});
		pureCloudSession.setUnauthenticatedErrorHandler(function(error) {
			console.debug('setUnauthenticatedErrorHandler')
			console.error(error);
		});
		var api = new purecloud.platform.UsersApi(pureCloudSession);

		api.getMe()
		  .then(function(result){
			console.debug('UsersApi.getMe - success')
		    console.debug(result);
		  })
		  .catch(function(error){
			console.debug('UsersApi.getMe - error')
		    console.error(error);
		  });
	</script>
</head>
<body>

</body>
</html>

Console output:

edit: I tried it by specifying an auth token directly (shown below), and it still works. My responses are coming back with the access-control-allow-origin header set correctly. In addition to info about your environment, can you provide a context ID for one of the requests that doesn't have the CORS headers in the response?

var pureCloudSession = purecloud.platform.PureCloudSession({
	strategy: 'token',
	token:'DfJ3Bwiv_NGVlvGG_72CmdCLOSThXBu0rsjFkNBRjodqO-AaosLg3QBzAYGNHImvX2p8gLs8ym15ISgoPVaK-w'
});

anon12021261 · October 28, 2016, 8:03pm

I tried your example and it works if being served from localhost:

But the cross domain error occurs if it's loaded with a URL other than localhost (i.e. 127.0.0.1):

An example correlation id with the error is: 517cc496-e3a4-4f1f-b752-384a1eca62cd

As far as my environment, I'm running Google Chrome (54.0.2840.71) on OS X (10.11.6). I also tried on Firefox with the same results.

tim.smith · November 4, 2016, 5:17pm

I've created API-2062 to address the issue of unauthenticated requests not returning CORS headers.

DaveGussin · April 12, 2017, 1:53am

Is there a C# SDK equivalent callback for "setUnauthenticatedErrorHandler"?

lehelg · April 12, 2017, 8:21am

Noob question, inside the setUnauthenticatedErrorHandler, what is the right way to refresh the token? Do you just call re-establish the session again with

pureCloudSession = purecloud.platform.PureCloudSession({
strategy: 'implicit',
clientId: '0000',
redirectUrl: 'http://localhost.com'
});

KevinGlinski · April 12, 2017, 10:44am

@lehelg yes, and the call pureCloudSession.login() to redirect back to the login screen

@DaveGussin no there isn't

system · August 28, 2017, 7:28pm