CODEWITHSUNDEEP
pythondjangooauth
Mulagala
Mulagala

Reputation: 8661

How to use refresh token to obtain new access token on django-oauth-toolkit?

I am using django-oauth-toolkit 0.7 in my Django project for providing Oauth2 through my website.

I have followed the steps here and successfully got the access token, but I am unable to get new access token(if the access token is expired) with the refresh token.

I am able to get the access token with consumer client, but how can I get this with my url in my web site, because I am unable to see what parameters are going to my site when I try to get a new access token with refresh token.

My access and refresh tokens are like this:

{
  "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
  "expires_in":3920,
  "token_type":"Bearer",
  "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
}

Any help would be much appreciated.

Upvotes: 20

Views: 23760

Answers (3)

Sumit Kumar Gupta
Sumit Kumar Gupta

Reputation: 2364

To get a new access_token from refresh_token by URL you can use the below URL and pass data in params:

http://127.0.0.1:8000/o/token/?grant_type=refresh_token&refresh_token=<refresh_token_here>&client_id=<your client id here>&client_secret=<your client secret here>

Once you generate a new access_token with the help of refresh_token then the old access_token will be expire.

Upvotes: 0

Aaroosh Pandoh
Aaroosh Pandoh

Reputation: 177

You can pass the post request in POSTMAN. Or Try this, it worked for me:

curl -X POST -H 'Authorization: Basic your_application_id' -d 'refresh_token=your_refresh_token&grant_type=refresh_token' localhost:3000/o/token

{
    "token_type":"bearer",
    "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiVlx1MDAxNcKbwoNUwoonbFPCu8KhwrYiLCJpYXQiOjE0NDQyNjI4NjYsImV4cCI6MTQ0NDI2Mjg4Nn0.Dww7TC-d0teDAgsmKHw7bhF2THNichsE6rVJq9xu_2s",
    "expires_in":20,
    "refresh_token":"7fd15938c823cf58e78019bea2af142f9449696a"
}

try this Link

Upvotes: 2

YacineAzmi
YacineAzmi

Reputation: 873

To get a new access_token, by using your existing refresh_token you need to send a POST request to the same url you used to get the token in the first place (/o/token/, assuming the default url). The grant_type would now be refresh_token, and you also need to authenticate with your client credentials, since you were issued some.

To summarize: curl -X POST -d "grant_type=refresh_token&client_id=<your_client_id>&client_secret=<your_client_secret>&refresh_token=<your_refresh_token>" http://localhost:8000/o/token/

If you want more information, you can checkout this link to see the relevant section of the standard.

Upvotes: 43

Related Questions