Stack Overflow
Stack Overflow

Questions tagged [access-token]

Access Token is the last token acquired during the OAuth authentication process.

3329 questions
728
votes
14 answers

Why Does OAuth v2 Have Both Access and Refresh Tokens?

Section 4.2 of the draft OAuth 2.0 protocol indicates that an authorization server can return both an access_token (which is used to authenticate oneself with a resource) as well as a refresh_token, which is used purely to create a new…
dave mankoff
  • 16,001
  • 6
  • 45
  • 59
299
votes
17 answers

Not receiving Google OAuth refresh token

I want to get the access token from Google. The Google API says that to get the access token, send the code and other parameters to token generating page, and the response will be a JSON Object like : { "access_token" :…
Muhammad Usman
  • 9,182
  • 21
  • 69
  • 104
239
votes
6 answers

What if JWT is stolen?

I am trying to implement stateless authentication with JWT for my RESTful APIs. AFAIK, JWT is basically an encrypted string passed as HTTP headers during a REST call. But what if there's an eavesdropper who see the request and steals the token? …
smwikipedia
  • 52,824
  • 76
  • 267
  • 432
169
votes
9 answers

Sending the bearer token with axios

In my react app i am using axios to perform the REST api requests. But it's unable to send the Authorization header with the request. Here is my code: tokenPayload() { let config = { headers: { 'Authorization': 'Bearer ' + validToken() …
rakibtg
  • 3,878
  • 6
  • 41
  • 63
163
votes
4 answers

Token Based Authentication in ASP.NET Core

I'm working with ASP.NET Core application. I'm trying to implement Token Based Authentication but can not figure out how to use new Security System for my case. I went through examples but they didn't help me much, they are using either cookie…
Grant
  • 2,185
  • 3
  • 12
  • 13
137
votes
4 answers

What is the purpose of a "Refresh Token"?

I have a program that integrates with the YouTube Live Streaming API. It runs on timers, so its been relatively easy for me to program in to fetch a new Access Token every 50 minutes with a Refresh Token. My question is, why? When I authenticated…
Jason Axelrod
  • 5,655
  • 9
  • 41
  • 70
137
votes
7 answers

Basic HTTP and Bearer Token Authentication

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I'm still trying to figure out, how to send two authorization headers. I have tried this one: curl -i…
Azngeek
  • 1,607
  • 2
  • 11
  • 11
122
votes
10 answers

Do Google refresh tokens expire?

I have used the refresh token several times in just a short period for testing purposes, but I wonder whether Google refresh tokens ever expire? Can I use the same refresh token to get another access token again and again for a long period (a week…
Robin Carlo Catacutan
  • 11,461
  • 9
  • 48
  • 79
120
votes
3 answers

Facebook Access Token for Pages

I have a Facebook Page that I want to get some things from it. First thing are feeds and from what I read they are public (no need for access_token). But I want to also get the events... and they aren't public and need the access_token. I don't want…
Rafael 'BSIDES' Pereira
  • 2,401
  • 4
  • 19
  • 21
114
votes
7 answers

Where to store the personal access token from GitHub?

Is it necessary to store the personal access token somewhere locally on the machine after generating it in GitHub? If yes, is there any preferred way where it could be stored?
Krzysztof Słowiński
  • 2,959
  • 5
  • 27
  • 47
96
votes
17 answers

How to refresh token with Google API client?

I've been playing around with the Google Analytics API (V3) and have run into som errors. Firstly, everything is set up correct and worked with my testing account. But when I want to grab data from another profile ID (Same Google Accont/GA Account)…
seorch.me
  • 971
  • 1
  • 7
  • 4
94
votes
6 answers

python request with authentication (access_token)

I am trying to get an API query into python. The command line curl --header "Authorization:access_token myToken" https://website.com/id gives some json output. myToken is a hexadecimal variable that remains constant throughout. I would like to make…
user1895406
  • 1,013
  • 1
  • 7
  • 9
80
votes
9 answers

Get refresh token google api

I can't get my refresh token with my code. I can only get my access token, token type etc., I have followed some tutorials like putting access_type=offline on my login URL: echo "
Robin Carlo Catacutan
  • 11,461
  • 9
  • 48
  • 79
70
votes
8 answers

Facebook Page Access Tokens - Do these expire?

I'm building an app that allows users to administrate their Facebook Fan Pages. This requires the following two Access Tokens: A User Access Token A Page Access Token I'm quite familiar with User Access Tokens, but not with Page Access…
dbau
  • 14,839
  • 2
  • 19
  • 31
67
votes
3 answers

What is the difference between OAuth based and Token based authentication?

I thought that OAuth is basically a token based authentication specification but most of the time frameworks act as if there is a difference between them. For example, as shown in the picture below Jhipster asks whether to use an OAuth based or a…
Cemre Mengü
  • 15,408
  • 24
  • 97
  • 154
1
2 3
99 100