
refresh token result with permission denied

hello,

i am getting
oauth_problem=permission_denied

when i try to refresh my access token.

CODE
$ymc = new YMClient($emailServiceData[$s_service]['key'], $emailServiceData[$s_service]['secret']);
$tok = $ymc->__oauth_refresh_access_token($a_oaTokenInfo);
// the result is oauth_problem=permission_denied


i see that i still grant access to the application https://api.login.yahoo.com/WSLogin/V1/

yesterday it was working
what can be the problem here?

thanks
Elad

12 Replies
  • sorry for double posting (no edit?)

    i forgot to ask

    yesterday i did some test and i just want to be sure.
    is it true that i can refresh an access token more than once, as long as the session handle is not expired

    right?

    thanks
    Elad
    0
  • is it possible that yahoo have a bug today?

    i wrote this snippet:

    ymclient.inc
    CODE
    require_once 'ymclient.inc';

    $s_service = 'yahoo';

    $emailServiceData['yahoo']['key'] = 'MY_APP_KEY';
    $emailServiceData['yahoo']['secret'] = 'MY_APP_SECRET';

    $a_oaTokenInfo['oauth_token'] = 'VALID_ACCESS_TOKEN';
    $a_oaTokenInfo['oauth_token_secret'] = 'VALID_TOKEN_SECRET';
    $a_oaTokenInfo['oauth_session_handle'] = 'VALID_SESSION_HANDLE';

    $ymc = new YMClient($emailServiceData[$s_service]['key'],$emailServiceData[$s_service]['secret']);
    $param = new stdclass();
    $param->fid = 'Inbox';
    $param->startInfo = 0;
    $param->numInfo = 10;
    $params[] = $param;

    // refresh only when ?useRefreshToken=1 is passed; !empty() avoids an undefined-index notice
    if (!empty($_GET['useRefreshToken'])) {
        // this method used to be private, i changed it; that's the only change i did in ymclient.inc for this POC
        $a_oaTokenInfo = $ymc->__oauth_refresh_access_token($a_oaTokenInfo);
    }

    $s_result = $ymc->ListMessages($params,$a_oaTokenInfo);

    echo "<pre>";print_r($s_result);echo "</pre>";


    when the token is not expired i do get emails no problems.

    when it is expired i get : "oauth_problem=permission_denied"

    is there a bug in yahoo?? like i said before i checked in the user info and my application still has access to his data.

    thanks
    Elad
    0
  • Hi Elad,

    I am not sure what your question is. Following is the expected
    behavior:

    The access token through the get_token endpoint is valid for one
    hour only. You can use the access token to generate the OAuth
    request to retrieve user's data within that hour. Once it is
    expired, you should not be able to do that.

    When you get the access token, you also get the oauth_session_handle
    which persists for much longer time. Therefore when the access token
    expires in one hour, you can use the expired access token and the
    oauth_session_handle to call the get_token endpoint to get a new access
    token. Then you can use the new access token to get user data.

    Please let us know if you see behavior that is different from
    what's described above.


    Thanks,
    Yu Wang
    0
  • QUOTE (omiga @ Apr 29 2010, 09:50 AM)
    Hi Elad,

    I am not sure what your question is. Following is the expected
    behavior:

    The access token through the get_token endpoint is valid for one
    hour only. You can use the access token to generate the OAuth
    request to retrieve user's data within that hour. Once it is
    expired, you should not be able to do that.

    When you get the access token, you also get the oauth_session_handle
    which persists for much longer time. Therefore when the access token
    expires in one hour, you can use the expired access token and the
    oauth_session_handle to call the get_token endpoint to get a new access
    token. Then you can use the new access token to get user data.

    Please let us know if you see behavior that is different from
    what's described above.


    Thanks,
    Yu Wang


    hey Yu Wang,

    the flow that you describe should work and worked for me yesterday.

    when i try to refresh the token (call to get_token end point with oauth_session_handle) i get:
    'oauth_problem=permission_denied'

    so no refresh token for me

    what should i do?
    0
  • Hi Elad,

    Did you call get_token to refresh the access token immediately after
    you get it? Usually that's not allowed because your requests then
    look excessive. In your testing, can you wait at least one minute
    before trying refresh?

    Thanks,
    Yu Wang
    0
  • i even waited one full hour :(
    0
  • Hi Elad,

    First, can you check this to see whether your app has been revoked
    access?
    https://api.login.yahoo.com/WSLogin/V1/unlink

    Second, can you please confirm that the refresh token request is
    sent exactly as said in the guide:
    http://developer.yahoo.com/oauth/guide/oau...ccesstoken.html

    Thanks,
    Yu Wang
    0
  • yes i see that the app still has access to the user data
    https://api.login.yahoo.com/WSLogin/V1/unlink

    also i am doing the right steps. (please tell where i have an error in the snippet)

    1) can you please elaborate in what cases yahoo return "oauth problem permission denied"?
    i read in oauth that its in case the user revoke the token himself, but here is not the case.

    i also opened a new app with a new key and got the same result
    so either my snippet has an error (can you confirm that?)
    or yahoo has a bug today (it was working yesterday)

    either way it's something that got me very deprecated :(
    Elad
    0
  • Hi Elad,

    The "oauth problem permission denied" can happen when we cannot associate
    the oauth_session_handle with the user whose data you try to access.

    I'll try to see if I can reproduce this myself.

    Thanks,
    Yu Wang
    0
  • QUOTE (omiga @ Apr 30 2010, 03:42 PM)
    Hi Elad,

    The "oauth problem permission denied" can happen when we cannot associate
    the oauth_session_handle with the user whose data you try to access.

    I'll try to see if I can reproduce this myself.

    Thanks,
    Yu Wang


    thanks Yu Wang for the info.

    the problem was that my DB truncated the handle field from 65 chars +- to 45 chars. :(
    Elad
    0
  • Hi Elad,

    Sorry we don't have any place to define the length of these
    variables.

    The access token (oauth_token) can be very long and user
    dependent. Since that's valid for one hour only, you can
    have some periodic cleanup if space is an issue.

    The oauth_token_secret is generally 40 bytes long.

    The oauth_session_handle is not long, probably you should
    allocate varchar(100) for it.

    Thanks,
    Yu Wang
    0
  • Hi, We had the same problem "OAuth::Problem: permission_denied" even after sleep(120). So, can we wait more? Or should we make a try catch and request the token one more time if failed?

    0
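
Added example, not part of the thread and not code from the Yahoo SDK: the root cause reported above was a database column silently truncating the oauth_session_handle from about 65 to 45 characters. This PHP example simulates that truncation, stores a SHA-256 digest beside each credential, and checks the digest on read so a damaged handle is caught before it is sent to get_token. The column widths, function names and sample values are assumptions made for the illustration.

```php
<?php
// Column widths are assumptions: 45 reproduces the truncation reported in the
// thread, 100 follows the varchar(100) advice given for oauth_session_handle.
const WIDTHS_BROKEN = ['oauth_token_secret' => 64, 'oauth_session_handle' => 45];
const WIDTHS_FIXED  = ['oauth_token_secret' => 64, 'oauth_session_handle' => 100];

// Stand-in for a database that silently cuts over-long strings to the column
// width. A digest of the full value is written to a separate 64-char column.
function simulateStore(array $tokenInfo, array $widths): array
{
    $row = [];
    foreach ($widths as $field => $width) {
        $row[$field] = substr($tokenInfo[$field], 0, $width);
        $row[$field . '_sha256'] = hash('sha256', $tokenInfo[$field]);
    }
    return $row;
}

// Returns the names of fields whose stored value no longer matches its digest.
function findCorruptedFields(array $row, array $widths): array
{
    $bad = [];
    foreach (array_keys($widths) as $field) {
        if (!hash_equals($row[$field . '_sha256'], hash('sha256', $row[$field]))) {
            $bad[] = $field;
        }
    }
    return $bad;
}

// Constructed sample values, not real credentials: 40-char secret, 65-char handle.
$tokenInfo = [
    'oauth_token_secret'   => str_repeat('s', 40),
    'oauth_session_handle' => str_repeat('h', 65),
];

$cases = ['45-char handle column' => WIDTHS_BROKEN, '100-char handle column' => WIDTHS_FIXED];
foreach ($cases as $label => $widths) {
    $row = simulateStore($tokenInfo, $widths);
    $bad = findCorruptedFields($row, $widths);
    // A non-empty list means the refresh call would be made with a damaged
    // credential, which the thread shows surfacing as permission_denied.
    echo $label, ': ', $bad ? 'truncated -> ' . implode(', ', $bad) : 'round-trip OK', PHP_EOL;
}
```

Running the digest check right after the first write catches a too-narrow column at storage time, instead of an hour later when the access token expires and the refresh fails.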
