How to get the refresh token when existing token expires using the expired token.

We have one application which utilizes ARAS REST API token authentication using username and password. We are facing an issue: once the access token expires (in our case it's 3600 secs) we need to refresh that token without the need for the user to sign in again using username and password. So, how do we get the refresh token using the expired access token from the ARAS REST API?

  • Hi Shrikant,

    For security reasons, I'm not sure this is possible. Instead, I'd recommend increasing the lifetime of the token to something that works with the expected use time of your app.

    1. Open the /OauthServer/Oauth.config file wherever you have your OAuth Server installed
    2. Scroll down until you see the <clientRegistry/> matching the one you're using to request the token
      1. Compare the id attribute of the client registry with the client_id argument you're passing in the body of your request
    3. Change the <tokenLifetime/> tag to increase the amount of time the token will last until it expires
      <tokenLifetime accessTokenLifetime="3600" authorizationCodeLifetime="300" refreshTokenSlidingLifetime="36000" refreshTokenOneTimeOnly="true" refreshTokenAbsoluteExpiration="false"></tokenLifetime>

    After saving this change, any future tokens that are requested using the specific client_id will last longer before they expire.

    Chris


    Christopher Gillis

    Aras Labs Software Engineer

  • Hello Chris,

    I am facing exactly the same issue. In my case the external application is communicating with Innovator through REST APIs. I passed the access token to this external application. But the fact is, once the access token expires there is no way I can refresh the token by passing the expired one.

    One more point: when I hit the URL https://<doman name>/InnovatorServer/oauthserver/.well-known/openid-configuration, one of the responses contains the supported grant types.

        "grant_types_supported": [
            "authorization_code",
            "client_credentials",
            "refresh_token",
            "implicit",
            "password",
            "impersonate"
        ],

    Now, ideally, using refresh_token as the grant type, we should be able to generate a new token when the earlier token expires by passing the expired token. I could not find any reference to this in the Aras Innovator documentation. Can you help me with using refresh_token as a grant type?

    The ask is: once the access token expires, we want to generate a token using the Aras REST APIs without passing username and password. What we have is the expired token only, and we want to generate a new token from the expired one by using the Aras Innovator REST APIs.

    Looking forward to hearing from you.
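
The standard OAuth 2.0 refresh flow (RFC 6749, section 6) that the `refresh_token` grant type and the `refreshTokenOneTimeOnly` setting quoted in this thread refer to, as an added example that is not from the thread or from Aras. It assumes the original token response carried a `refresh_token` field, which this page does not confirm for this server; `TokenSession`, the client id and all token values are hypothetical.

```python
import time
from urllib.parse import urlencode

class TokenSession:
    """Token pair from one token response (RFC 6749 section 5.1)."""

    def __init__(self, client_id, response, now=None):
        self.client_id = client_id  # hypothetical; use your clientRegistry id
        self.refresh_token = None
        self.apply(response, now)

    def apply(self, response, now=None):
        """Store a token response after sign-in and after every refresh."""
        now = time.time() if now is None else now
        self.access_token = response["access_token"]
        self.expires_at = now + int(response.get("expires_in", 0))
        # With one-time-only refresh tokens the previous value is dead once
        # used, so overwrite it whenever the server returns a new one.
        if response.get("refresh_token"):
            self.refresh_token = response["refresh_token"]

    def needs_refresh(self, now=None, skew=60):
        """True once the access token is within `skew` seconds of expiry."""
        now = time.time() if now is None else now
        return now >= self.expires_at - skew

    def refresh_request_body(self):
        """Form body to POST to the token endpoint; no password involved."""
        if not self.refresh_token:
            # The access token, expired or not, is not accepted in its place.
            raise RuntimeError("no refresh token issued; user must sign in")
        return urlencode({
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,
        })

# Constructed sample token responses (not captured from a real server).
FIRST = {"access_token": "at-1", "expires_in": 3600, "refresh_token": "rt-1"}
ROTATED = {"access_token": "at-2", "expires_in": 3600, "refresh_token": "rt-2"}

def demo():
    session = TokenSession("ExampleClient", FIRST, now=0)
    body = session.refresh_request_body()   # built from rt-1
    session.apply(ROTATED, now=3600)         # server rotated the pair
    return body, session.refresh_token, session.needs_refresh(now=3600)

if __name__ == "__main__":
    print(demo())
```

The refresh token is a long-lived credential and needs the same protected storage as a password; the access token is the only part that should be handed to other components.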