Reputation: 8574
how to refresh or revoke OAuth2.0 access/refresh_token, when no refresh token available?
I was working in my sandbox environment trying to figure out the Chatter API calls - I had saved my refresh token during my testing but it was lost sometime later.
Now when I try to hit the API I am receiving the following error:
"expired access/refresh token"
How do I get around this now? I do not have a refresh token so i cannot make a request to refresh my token, and i'm not sure how to expire / delete / revoke it via the UI so that I can proceed with my testing.
my cUrl call is as follows:
curl
--form client_id=3MVG92.u...2KycWe
--form client_secret=668...930
--form grant_type=password
--form username=mike....com
--form password=*#()@*#$@
--proxy 127.0.0.1:3128 --insecure
https://test.salesforce.com/services/oauth2/token
Things I have tried:
- Reset my password
- Delete remote access and create a new one with new client_id / secret
- Reset my security token
Does anyone know how to expire the token or get a new refresh token via the API or UI in salesforce?
Upvotes: 3
Views: 7346
Answers (2)
Reputation: 71961
This can be done in your account under:
My Settings | Select Personal | Advanced User Details | OAuth Connected Apps
Exact steps at salesforce can be found here
Upvotes: 0
Reputation: 3018
To revoke access from the UI, click on the following in the menu at the top right of Salesforce: Your Name | Setup | My Personal Information | Personal Information and clicking Deny
More info here: https://na12.salesforce.com/help/doc/en/remoteaccess_about.htm
What scope are you using? If you specify a scope (like 'api'), you'll need to explicitly request a refresh token by also specifying 'refresh token' in your scope (space delimited). More info on scopes here: https://na12.salesforce.com/help/doc/en/remoteaccess_oauth_scopes.htm
Unlike Google, Salesforce will provide the refresh token multiple times, regardless of whether the user has just approved the app or not.
I've been playing around with this using Google's OAuth playground. You can click the gear at the top right and specify the values for Salesforce's services. Authorization endpoint: https://login.salesforce.com/services/oauth2/authorize Token endpoint: https://login.salesforce.com/services/oauth2/token Client ID/secret: from Salesforce's 'consumer' key/secret info in the Remote access Config
You'll need to use 'https://code.google.com/oauthplayground/' as your callback URL in your app configuration.
Upvotes: 4
Related Questions
- How to secure a refresh token?
- How to revoke the access and refresh token in Oauth2.0?
- Proper paradigm for refreshing OAuth2 access token
- why not obtain a new access token by resending the authorization grant/code instead of sending refresh token?
- Can you force a refresh token to expire in Salesforce?
- Oauth2/Openid Connect. How to revoke unknown access/refresh tokens
- OAuth2 refresh token utility
- Revoking an old oAuth 2.0 refresh token
- Refresh token unique
- How to refresh access_token in OAuth 2.0 in salesforce