Access Token Refresh

Hi,

I'm writing an application for the Contacts API but I'm having some issues refreshing my tokens. My application works fine while the initial access token still works but as soon as it expires I'm unable to fetch a new one without requiring user intervention.


I'm not sure why I'm getting errors so I'll try and explain what I'm doing and ask a few questions as well.

Upon getting the initial access token I'm storing the following data:

- oauth_token
- oauth_secret
- oauth_verifier
- oauth_session_handle

Using the first three, I'm able to use the API without having any issues at all. However as soon as the token expires, I get a "token_rejected".

So, I issue a get_token request including the oauth_session_handle (but not the oauth_verifier - as stated in your documentation) but once again I get a "token_rejected".

My questions are:

- Can I trust the token_rejected message? Could it be that my signature is invalid and the API is not telling me so?
- You state that the oauth_session_handle is "The persistent credential used by Yahoo! to identify the Consumer after a User has authorized access to private data. Include this credential in your request to refresh the Access Token once it expires." - does this mean that it never changes? Even after refreshing the token?
- When refreshing a token - do you just "reenable" the oauth_token or do I get a new oauth_token and oauth_token_secret?
- Is it OK if I refresh a token while it's still active? Or should I always wait until it expires?

( I'm doing GET requests and using HMAC-SHA1 signatures)

I'll keep on working on this until I figure out what I'm doing wrong but it would really help if someone could help me figure out what's happening.

Thanks,
Tiago

12 Replies
  • Hi Tiago,

    Are you URL encoding your token? I have seen this error only when the token is not URL encoded. Depending on the language/libraries you are using there should be a function to do this.

    My problem is a step back from this, I can't seem to get Yahoo! to accept my signature. No matter what I try I keep getting "signature_invalid". I'm at my wits end!


    Kind regards

    Alan Kelly
    Join me on w2meet.com
  • QUOTE (tftfmacedo @ Jun 16 2009, 01:47 AM)
    I'm writing an application for the Contacts API but I'm having some issues refreshing my tokens. My application works fine while the initial access token still works but as soon as it expires I'm unable to fetch a new one without requiring user intervention.

    I'm not sure why I'm getting errors so I'll try and explain what I'm doing and ask a few questions as well.

    Upon getting the initial access token I'm storing the following data:

    - oauth_token
    - oauth_secret
    - oauth_verifier
    - oauth_session_handle

    Using the first three, I'm able to use the API without having any issues at all. However as soon as the token expires, I get a "token_rejected".


    I'm seeing the same problem. Did you ever solve this problem? I'm using the Ruby OAuth gem.
  • QUOTE (James @ Jan 12 2010, 10:48 AM)
    I'm seeing the same problem. Did you ever solve this problem? I'm using the Ruby OAuth gem.


    I'm also seeing this same problem with the Ruby OAuth gem.

    I basically do the following:
    create a new consumer
    @request_token = OAuth::RequestToken.new(@consumer, old_access_token, old_secret)
    @access_token = @request_token.get_access_token({:oauth_session_handle => session_handle, :oauth_token => old_access_token})

    I've tried using URI.escape(CGI.escape(old_access_token),'.')

    Both don't work. I still get token_rejected
  • Hi Koden,

    Can you please provide the complete HTTP request and response headers?
    On the wire, the access token should take the format of 'A%3D' like
    https://api.login.yahoo.com/oauth/v2/get_to...th_token=A%3D...

    Thanks,
    Yu Wang
  • QUOTE (omiga @ Aug 6 2010, 02:55 PM)
    Hi Koden,

    Can you please provide the complete HTTP request and response headers?
    On the wire, the access token should take the format of 'A%3D' like
    https://api.login.yahoo.com/oauth/v2/get_to...th_token=A%3D...

    Thanks,
    Yu Wang


    Hi Yu,
    Sorry didn't see this until now. Here is the request in YAML:

    --- &id002 !ruby/object:Net::HTTP::Post
    body:
    body_stream:
    header:
    accept:
    - "*/*"
    user-agent:
    - OAuth gem v0.3.6
    authorization:
    - OAuth oauth_nonce="uwwb4bza463Tdmz4mP1J91TAvJraURP1xgcNeRTimE", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1281733900", oauth_consumer_key="dj0yJmk9eXU4dk1DcGxwUkl6JmQ9WVdrOWRIbEpOV3RtTTJVbWNHbzlPVFU1TkRJNU16WXkmcz1
    jb25zdW1lcnNlY3JldCZ4PTMx", oauth_token="A%3DiPX4rdSav1F.M7o_Sb94gHHGH86bz3kl3ss1L8VrCPVgX5QchOR.gUkiD5bh1SJjwKCYrhRyCTX8b2
    7xWtIVbp05u43gclmUWZjqbB7HbFtXnMAkTc81s11CgyWWIgB9OgKOyRRVNapeimmzp0EJSubv3W5w1Bm
    zpfabSAOGy9aEvMB7.iCuSHI0cwwuTGgc_lRrtMF4ahfazciduP61OQcVDNwKxwHBrzPIGde4moLs3t3H
    MzYO3NONJq9uKPHEACATRWMyk5OV.7ljuvod5UtH4086HGpKbj3qPNB_XVRGeCnbyWqzg2VbfQjVlADgS
    _D3Y3Kqs2AsEVLPX3mOqMm2VJ1sbxy1_haqv.yqcZPwPrp3OxjtQJMgTzpBL0UH056KF7jNV7tkpk19_V
    9uDROsbrO8iLxa8TjLCxc6.QOlEIc3UPVpLyXZuyUzB7gvrW973iv1jsad33sOEKmD2giUwPGZFbL048h
    cVC5qwDIzHd93_32guaAMYuOOWr37fg.ius9gzLdHl0tNLgBf7McgzlO0YIEMTtJ2E.O9Pf8Pi9G8d8bF
    smtRewWNO3fx38hJXs0AmCZFiW4Afomc776lXJiw43U2S04UqgPzdtR5itJsfocq5eCKO4zX9JanV6xAl
    YhdMpvU2FH7xztun4gEPDrkskf_ycs96qNETp_3W8CKbdNCmUjHV0IjrYfN4LBog3CFjgeCGQe_5k15Uy
    9i72bM0ucnjP0Uwhbh_4KnJmxEgtwbktX9ifXYNEXIYB8rPAXukNmm6Cwxy5cwjRbS", oauth_signature="otvEe2MaOrcyz3De4PrSiducUIk%3D", oauth_version="1.0"
    content-length:
    - 0
    method: POST
    oauth_helper: !ruby/object:OAuth::Client::Helper
    oauth_ua_string: OAuth gem v0.3.6
    options:
    :timestamp: "1281733900"
    :http_method: :post
    :signature_method: HMAC-SHA1
    :proxy:
    :nonce: uwwb4bza463Tdmz4mP1J91TAvJraURP1xgcNeRTimE
    :request_token_path: /oauth/v2/get_request_token
    :site: https://api.login.yahoo.com
    :token: !ruby/object:OAuth::RequestToken
    consumer: &id001 !ruby/object:OAuth::Consumer
    http: !ruby/object:Net::HTTP
    address: api.login.yahoo.com
    close_on_empty_response: false
    curr_http_version: "1.1"
    debug_output:
    newimpl: true
    open_timeout:
    port: 443
    read_timeout: 60
    seems_1_0_server: false
    socket:
    ssl_context: !ruby/object:OpenSSL::SSL::SSLContext
    ca_file:
    ca_path:
    cert:
    cert_store:
    client_ca:
    client_cert_cb:
    extra_chain_cert:
    key:
    options:
    session_get_cb:
    session_id_context:
    session_new_cb:
    session_remove_cb:
    timeout:
    tmp_dh_callback:
    verify_callback:
    verify_depth:
    verify_mode: 0
    started: false
    use_ssl: true
    http_method: :post
    key: dj0yJmk9eXU4dk1DcGxwUkl6JmQ9WVdrOWRIbEpOV3RtTTJVbWNHbzlPVFU1TkRJNU16WXkmcz1jb25z
    dW1lcnNlY3JldCZ4PTMx
    options:
    :signature_method: HMAC-SHA1
    :http_method: :post
    :proxy:
    :request_token_path: /oauth/v2/get_request_token
    :site: https://api.login.yahoo.com
    :authorize_path: /oauth/authorize
    :access_token_path: /oauth/v2/get_token
    :scheme: :header
    :oauth_version: "1.0"
    secret: b95bd5100d036a986725c3fdf6455f4b6ecc07be
    params: {}

    secret: 94af4cac6164448dd828424c9af9940bc4d9a720
    token: A=iPX4rdSav1F.M7o_Sb94gHHGH86bz3kl3ss1L8VrCPVgX5QchOR.gUkiD5bh1SJjwKCYrhRyCTX8b2
    7xWtIVbp05u43gclmUWZjqbB7HbFtXnMAkTc81s11CgyWWIgB9OgKOyRRVNapeimmzp0EJSubv3W5w1Bm
    zpfabSAOGy9aEvMB7.iCuSHI0cwwuTGgc_lRrtMF4ahfazciduP61OQcVDNwKxwHBrzPIGde4moLs3t3H
    MzYO3NONJq9uKPHEACATRWMyk5OV.7ljuvod5UtH4086HGpKbj3qPNB_XVRGeCnbyWqzg2VbfQjVlADgS
    _D3Y3Kqs2AsEVLPX3mOqMm2VJ1sbxy1_haqv.yqcZPwPrp3OxjtQJMgTzpBL0UH056KF7jNV7tkpk19_V
    9uDROsbrO8iLxa8TjLCxc6.QOlEIc3UPVpLyXZuyUzB7gvrW973iv1jsad33sOEKmD2giUwPGZFbL048h
    cVC5qwDIzHd93_32guaAMYuOOWr37fg.ius9gzLdHl0tNLgBf7McgzlO0YIEMTtJ2E.O9Pf8Pi9G8d8bF
    smtRewWNO3fx38hJXs0AmCZFiW4Afomc776lXJiw43U2S04UqgPzdtR5itJsfocq5eCKO4zX9JanV6xAl
    YhdMpvU2FH7xztun4gEPDrkskf_ycs96qNETp_3W8CKbdNCmUjHV0IjrYfN4LBog3CFjgeCGQe_5k15Uy
    9i72bM0ucnjP0Uwhbh_4KnJmxEgtwbktX9ifXYNEXIYB8rPAXukNmm6Cwxy5cwjRbS
    :authorize_path: /oauth/authorize
    :oauth_session_handle: AGkRWUwMquFafMFkHCOX3Aa89ofMZAPTHkUxFuIEbdI3NrYwggC8q4M-
    :access_token_path: /oauth/v2/get_token
    :request_uri: https://api.login.yahoo.com:443/oauth/v2/get_token
    :consumer: *id001
    :scheme: :header
    :oauth_version: "1.0"
    request: *id002
    path: /oauth/v2/get_token
    request_has_body: true
    response_has_body: true


    Here is the response in YAML:

    --- !ruby/object:Net::HTTPUnauthorized
    body: oauth_problem=token_rejected
    body_exist: true
    code: "401"
    header:
    p3p:
    - policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    content-type:
    - application/x-www-form-urlencoded
    connection:
    - close
    www-authenticate:
    - OAuth oauth_problem=token_rejected
    date:
    - Fri, 13 Aug 2010 21:11:41 GMT
    transfer-encoding:
    - chunked
    http_version: "1.1"
    message: Forbidden
    read: true
    socket:
  • after looking at that, it looks like the oauth_session_handle isn't in the authorization header? Is that why this isn't working? I have to figure out how to get the oauth gem to include it in the header I'm guessing?
  • I haven't been able to get this to work. Token is still being rejected.

    There has to be at least ONE person in the world who's gotten this to work right?
  • Hi Koden,

    Can you please send me the script you use? I will try to read
    Ruby.

    Thanks,
    Yu Wang
  • the same here.

    After the token is expired:

    HTTP/1.1 401 Authorization Required
    Date: Thu, 19 Aug 2010 18:05:44 GMT
    WWW-Authenticate: OAuth oauth_problem="token_expired", realm="yahooapis.com"
    Content-Type: application/xml
    Cache-Control: private
    Age: 0
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: YTS/1.17.21

    I am not able to renew it.

    Array
    (
    [0] => Array
    (
    [url] => https://api.login.yahoo.com/oauth/v2/get_to...uth_version=1.0
    [content_type] => application/x-www-form-urlencoded
    [http_code] => 401
    [header_size] => 432
    [request_size] => 1265
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.26435
    [namelookup_time] => 0.102296
    [connect_time] => 0.136103
    [pretransfer_time] => 0.22036
    [size_upload] => 0
    [size_download] => 31
    [speed_download] => 117
    [speed_upload] => 0
    [download_content_length] => 0
    [upload_content_length] => 0
    [starttransfer_time] => 0.264333
    [redirect_time] => 0
    [request_header] => GET /oauth/v2/get_token?oauth_consumer_key=dj0yJmk9Smt4dm1YM0kyVlpzJmQ9WVdrOVVXUlRlWGhoTm5FbWNHbzlOak13T
    1RVeU16WXkmcz1jb25zdW1lcnNlY3JldCZ4PTM3&oauth_nonce=370706833&oauth_session_handle=ALezWkzElwJsfk7UiBDLkHu3m5yOQi.OCiA9oKUzLoiviX_SkQhLewM
    rCxU7&oauth_signature=b810425e62c3eb704d10575edf1907e2bdb52c23%262d13f3617af5e07068048001fbdf2d68964e3d18&oauth_signature_method=PLAINTEXT&oauth_timestamp=1282241149&oauth_token=A%253DYTf7IF3xlRxffofVt6APnr8c.A5X_ioiMsN8KP1MmBQTuIVGWwg_Fpjm_jlKELyPYkP2iqWuiD45
    Hu0yWd1Qt8f5Vy6Wc_p8cl5kQ7DpOolbk8BzqWUkGUqmtiE76r9GcAOYY1ZXRZOCwtYRFrYPf_1_EaPOt
    zjjjpx1by8amFPEnGmlUKjhxp7tWimk3tJlGvlwm44PSL1N4pFnBEUlw8a2gQd5v0OI3yowehUg.jnSgE
    n62HM1j._TQq7HGBuVRJ_dOMLBRgtX8UExaWTWwPcSa5OoY9yQCeH8FSRlpNWzx5fx6PPiaG_CCg1cCu1
    qMizJiCqlCGU2yRHdjW63TqA6PEd7MBoddtFvnweYxbHgEbjJwTFd9.1umEGM_xkfgPpt.e_0LwxmoFaG
    tfGzsS7AkhkqtGyStyu_1iexbuxkPFRPhVfxVSLbTPf0zTepmxc8FqTYRqAoGcbomHUUmbukDosX5LW6c
    Ycp6Ov2UG77GRtvaszaagIpYjoPJBBfT7k6HvMg2BSsTNPLbBcE6mGH0.2flXqCaBKg8UsT3kqWMY86tE
    011iSCf9dGuffnSDp5C1LGgfbk3IYjFmKcPRoRZH.hk9i2FH0mQPCOBG6ZI1sQINJqwbsaJYzJ2tRQD5W
    2pMCaP1iRTQh1aXq_gNN52KaR4K0oY2xjcaaGRRWf3bzhtndih488fPxNvdy4yeEZBdNWyvFpTflSZb9k
    Sw5ewTKvjn76Fz.HQqPIhq38KJI8LYu6iGWryfnoV70-&oauth_version=1.0 HTTP/1.1
    Host: api.login.yahoo.com
    Accept: */*


    )

    [1] => HTTP/1.1 401 Forbidden
    Date: Thu, 19 Aug 2010 18:05:44 GMT
    P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    WWW-Authenticate: OAuth oauth_problem=signature_invalid
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: application/x-www-form-urlencoded


    [2] => oauth_problem=signature_invalid
    [3] => Array
    (
    [oauth_problem] => signature_invalid
    )

    )
  • It's working! :-)


    There are too many secrets!
    It's hard to distinguish between

    -$oauth_token_secret
    -$request_token_secret

    I mixed them up.
  • QUOTE (Stachura Roman @ Aug 19 2010, 10:21 AM)
    It's working! :-)


    There are too many secrets!
    It's hard to distinguish between

    -$oauth_token_secret
    -$request_token_secret

    I mixed them up.


    what's request_token_secret?
  • QUOTE (koden @ Aug 19 2010, 10:33 AM)
    what's request_token_secret?

    http://developer.yahoo.com/oauth/guide/oau...questtoken.html

    The Request Token is a temporary token used to initiate User authorization for your application.
    with this token you get a secret. --> request_token_secret

    --> oauth_token_secret The secret associated with the Request Token.
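
Added example (not from any poster, Yahoo! or the OAuth gem): a get_token refresh request signed with HMAC-SHA1 under the OAuth 1.0 rules, covering the two points the thread turns on: the token is percent-encoded once on the wire (A%3D, not A%253D), and the signing key uses the secret belonging to the access token being refreshed. The `creds` key names, the helper names and the sample values are assumptions made up for illustration.

```ruby
require 'openssl'
require 'securerandom'

# OAuth 1.0 percent-encoding (RFC 5849 section 3.6): only unreserved characters pass through.
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Build the signed query string for a token refresh (get_token).
# The creds keys are hypothetical names for the values stored after the first exchange.
def refresh_query(url, creds, nonce: SecureRandom.hex(16), timestamp: Time.now.to_i)
  params = {
    'oauth_consumer_key'     => creds[:consumer_key],
    'oauth_nonce'            => nonce,
    'oauth_session_handle'   => creds[:session_handle], # sent on refresh; oauth_verifier is not
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => timestamp.to_s,
    'oauth_token'            => creds[:access_token],   # raw value ("A=..."), not pre-encoded
    'oauth_version'          => '1.0'
  }
  normalized = params.sort.map { |k, v| "#{oauth_escape(k)}=#{oauth_escape(v)}" }.join('&')
  base = ['GET', oauth_escape(url), oauth_escape(normalized)].join('&')
  # Signing key: consumer secret, then the secret that belongs to the token being sent
  # (the access token's secret, not the earlier request token's secret).
  key = "#{oauth_escape(creds[:consumer_secret])}&#{oauth_escape(creds[:access_token_secret])}"
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base)
  signature = [mac].pack('m0') # strict base64, no line breaks
  { base_string: base, query: "#{normalized}&oauth_signature=#{oauth_escape(signature)}" }
end

# True when the oauth_token in an on-wire query was encoded twice ("=" became %253D).
def double_encoded_token?(query)
  query[/(?:\A|&)oauth_token=([^&]*)/, 1].to_s.include?('%25')
end

# Constructed sample credentials; none of these values come from the thread.
SAMPLE = {
  consumer_key: 'example-consumer-key', consumer_secret: 'example-consumer-secret',
  access_token: 'A=abc.DEF_123', access_token_secret: 'example-access-secret',
  session_handle: 'example-session-handle'
}.freeze
REFRESH_URL = 'https://api.login.yahoo.com/oauth/v2/get_token'

if __FILE__ == $PROGRAM_NAME
  out = refresh_query(REFRESH_URL, SAMPLE, nonce: 'fixednonce', timestamp: 1_281_733_900)
  puts out[:query]
  puts "double-encoded on the wire? #{double_encoded_token?(out[:query])}"
end
```

Inside the signature base string the token legitimately appears as A%253D, because the already-encoded parameter string is encoded a second time there; only the query or header value actually sent should read A%3D.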