Problems upgrading from access token

Asked

Viewed 448 times

0

I’m authenticating the Google Calendar API using Scribe, which uses Oauth 2.0 instead. Authentication is completed successfully but I don’t know how to store the access token (accessToken) in the database. I am doing the following:

/*Obter o API USER TOKEN e o API USE SECRET*/
Verifier verifier = new Verifier(code);
Token accessToken = service.getAccessToken(EMPTY_TOKEN, verifier);
API_USER_TOKEN = accessToken.getToken();
API_USER_SECRET = accessToken.getSecret();
/*Guardar tudo na base de dados*/
saveToken(API_USER_TOKEN, API_USER_SECRET);

Then I need to get the token and use it again and this is where the problems appear, how do I build the token I saved in the database ? And how do I upgrade the token ?

To update the token I am trying to use the following algorithm:

OAuthRequest request = new OAuthRequest(Verb.POST,"https://www.googleapis.com/oauth2/v3/token");
JSONObject payload = new JSONObject();
request.addQuerystringParameter("grant_type", "refresh_token");
request.addQuerystringParameter("refresh_token", oldToken.getToken());
request.addQuerystringParameter("client_id", API_APP_KEY);
request.addQuerystringParameter("client_secret", API_APP_SECRET);
service.signRequest(oldToken, request);
Response response = request.send();

But I always get the same error ( google api reply ): invalid_grant Bad Request

1 answer

2


Your mistake is on that line:

request.addQuerystringParameter("refresh_token", oldToken.getToken());

The token you need to use to generate a new pair is the refresh token, not the access token.

  • How do I get the refresh token ?

  • I don’t know what the Java implementation looks like, but I do know that according to the Oauth V2 protocol, when you request an Access Token, you receive not only the same but also a Refresh Token, to use it when the Access Token expires. You should then store the Refresh Token and use it in the parameter refresh_token.

  • @Andrélizardo I made some implementations with the Google Drive API and the documentation exemplifies how to obtain Refresh Token. In short, the token is obtained the first time the user authorizes access to your application. You must store it for further use.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.