starred/OAuthSwift

Fork 0

mirror of https://github.com/OAuthSwift/OAuthSwift.git synced 2026-04-27 05:05:51 +03:00

[GH-ISSUE #289] Expired token #170

New issue

Closed

opened 2026-03-03 16:46:20 +03:00 by kerem · 5 comments

kerem commented

2026-03-03 16:46:20 +03:00

Owner

Originally created by @ivanruizscm on GitHub (Oct 10, 2016).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/289

I store the tokens (credentials.oauthToken, credentials.oauthTokenSecret), and before making a request i set them into oauthswift.client.credentials.oauthToken/oauthTokenSecret

Them i'm able to make request with those tokens (despite oauthTokenSecret is empty from server) for a period of time (one hour?)

func get(urlString: String, params: [String: Any]?) -> Observable<Data?> {
    return Observable<Data?>.create({ (observer) -> Disposable in
        print("TOKEN: \(self.oauthswift.client.credential.oauthToken)")
        _ = self.oauthswift.client.get(urlString, parameters: params ?? [:], success: { (data, response) in
            observer.onNext(data)
            observer.onCompleted()
            }, failure: { (error) in
                switch error {
                case .tokenExpired:
                    print("Expired")
                default:
                    break

                }
               // observer.onError(CustomError.unauthorized)
        })
        return Disposables.create()
    })
}

Then i get .tokenExpired when i try to make those request.
As https://github.com/OAuthSwift/OAuthSwift/wiki/OAuth-2.0-Token-Expiration then you have to "reconnect", what this means? asking for the user authorizing again in google page?
I need a token for a long period of lifetime or some mechanism for token renewal

OS targeted (with version): 9 / 10
OAuth provider: Google
OAuthSwift version: master branch

Originally created by @ivanruizscm on GitHub (Oct 10, 2016). Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/289 I store the tokens (credentials.oauthToken, credentials.oauthTokenSecret), and before making a request i set them into oauthswift.client.credentials.oauthToken/oauthTokenSecret Them i'm able to make request with those tokens (despite oauthTokenSecret is empty from server) for a period of time (one hour?) ``` func get(urlString: String, params: [String: Any]?) -> Observable<Data?> { return Observable<Data?>.create({ (observer) -> Disposable in print("TOKEN: \(self.oauthswift.client.credential.oauthToken)") _ = self.oauthswift.client.get(urlString, parameters: params ?? [:], success: { (data, response) in observer.onNext(data) observer.onCompleted() }, failure: { (error) in switch error { case .tokenExpired: print("Expired") default: break } // observer.onError(CustomError.unauthorized) }) return Disposables.create() }) } ``` Then i get .tokenExpired when i try to make those request. As https://github.com/OAuthSwift/OAuthSwift/wiki/OAuth-2.0-Token-Expiration then you have to "reconnect", what this means? asking for the user authorizing again in google page? I need a token for a long period of lifetime or some mechanism for token renewal - **OS targeted (with version):** 9 / 10 - **OAuth provider:** Google - **OAuthSwift version:** master branch

kerem

2026-03-03 16:46:20 +03:00

closed this issue
added the
help wanted
label

kerem commented

2026-03-03 16:46:22 +03:00

Author

Owner

@phimage commented on GitHub (Oct 10, 2016):

oauth1 or oauth2?

with oauth2 there is renew token mecanism
This is not automatically done ( #217 talk about this issue)
so you must call renewAccessToken (there is also a convenience temporary method startAuthorizedRequest will do it automatically instead of using client function)

then when asking for a token sometimes you can add a parameter to specify the period of token availability (for instance expiration=never) but not all provider allow that

@phimage commented on GitHub (Oct 10, 2016): oauth1 or oauth2? with oauth2 there is renew token mecanism This is not automatically done ( #217 talk about this issue) so you must call `renewAccessToken` (there is also a convenience temporary method `startAuthorizedRequest` will do it automatically instead of using client function) then when asking for a token sometimes you can add a parameter to specify the period of token availability (for instance expiration=never) but not all provider allow that

kerem commented

2026-03-03 16:46:22 +03:00

Author

Owner

@ivanruizscm commented on GitHub (Oct 10, 2016):

http://stackoverflow.com/questions/26048945/oauth-v2-google-api-expiry-access-token
From here seems i need to save also the oauthRefreshToken to renew the previous token. (oauth2)

@ivanruizscm commented on GitHub (Oct 10, 2016): http://stackoverflow.com/questions/26048945/oauth-v2-google-api-expiry-access-token From here seems i need to save also the oauthRefreshToken to renew the previous token. (oauth2)

kerem commented

2026-03-03 16:46:22 +03:00

Author

Owner

@ivanruizscm commented on GitHub (Oct 11, 2016):

@phimage seems working, which makes me thing, if someone have your renewalToken, can always ask for valid tokens?

@ivanruizscm commented on GitHub (Oct 11, 2016): @phimage seems working, which makes me thing, if someone have your renewalToken, can always ask for valid tokens?

kerem commented

2026-03-03 16:46:22 +03:00

Author

Owner

@phimage commented on GitHub (Oct 11, 2016):

not only the refresh token, the request need also the consumer key and secret

then a provider can revoke the refresh token (because user invalidate it or because you do not refresh since x days)

@phimage commented on GitHub (Oct 11, 2016): not only the refresh token, the request need also the consumer key and secret then a provider can revoke the refresh token (because user invalidate it or because you do not refresh since x days)

kerem commented

2026-03-03 16:46:22 +03:00

Author

Owner

@yosoycody commented on GitHub (Aug 2, 2022):

oauth1 or oauth2?

with oauth2 there is renew token mecanism This is not automatically done ( #217 talk about this issue) so you must call renewAccessToken (there is also a convenience temporary method startAuthorizedRequest will do it automatically instead of using client function)

then when asking for a token sometimes you can add a parameter to specify the period of token availability (for instance expiration=never) but not all provider allow that

How do you do it for Oauth1?

@yosoycody commented on GitHub (Aug 2, 2022): > oauth1 or oauth2? > > with oauth2 there is renew token mecanism This is not automatically done ( #217 talk about this issue) so you must call `renewAccessToken` (there is also a convenience temporary method `startAuthorizedRequest` will do it automatically instead of using client function) > > then when asking for a token sometimes you can add a parameter to specify the period of token availability (for instance expiration=never) but not all provider allow that How do you do it for Oauth1?