Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I programmatically start an OAuth session?

I am using InfusionSoft's API to save the contents of a form that is filled out on a website. The API uses OAuth, and from what I can tell there isn't a way to have a life-long session.

The way the OAuth appears to work is that it is designed for a user to login if their session has expired, just like logging into a website. This obviously isn't suitable for an API, but I'm sure this isn't an unusual requirement.

I have an initial token, but after that expires, what then? The only thing I can think of is to have a cron job that runs hourly to refresh the access token (there is a 'refreshAccessToken' method).

like image 780
Mike Avatar asked Feb 25 '15 12:02

Mike


People also ask

Does OAuth use session?

OAuth depends on Session management In order to show this dependency, let's examine the different ways two apps can communicate with each other using the Authorisation code grant flow[2].

How do I call API access token?

The other way to make an API call with an access token is to add it to the request header. If using curl (a command line program that can be used for running API requests) you would specify the access token like this. Notice that the access_token is not in the URL at all. See the example on the API documentation site.


1 Answers

You need to store both the Access Token (short term - it is live for 24 hours) and the Refresh Token (long term).

You will only need to call the refreshAccessToken method at the start of each session. That method will return both a new Access Token and a new Refresh Token.

Use the new Access Token for the current "session" when making API requests. The Access Token will be valid for 24 hours (this changes from time to time).

Store the new Refresh Token and use it again for your next session.

like image 165
Bradley Ullery Avatar answered Sep 23 '22 16:09

Bradley Ullery