stackoom
  简体   繁体   中英

Refresh token during Spring Boot and OAUTH2 SalesForce session

 原文  2020-03-20 12:33:24       oauth-2.0/ salesforce

Question

I am connecting to SalesForce rest API and with Spring's oauth2template it works really well. I am using Spring Boot, so it is basically just autowiring the Oauth2RestTemplate and configuring the oauth2 properties, but there is a challenge and I am not sure if it is a bug or something I haven't configured properly. The case is when the token expires on the SalesForce side. I still have the old token in the oauth2 context, so if I want the framework to acquire a new token, I manually have to nullify the accesstoken and set it as null in the context in order for getAccesstoken to call acquireAccessToken in the OAuth2RestTemplate class. I know this is wrong, but I suspect it is because I receive missing token information when I first acquire the token from SalesForce. This is the response when I acquire the token the first time

{
    "access_token": "<LONG_VALUE>",
    "instance_url": "<SALESFORCE_SERVER>",
    "id": "<ID_URL>",
    "token_type": "Bearer",
    "issued_at": "1538640612182",
    "signature": "<SIGNATURE_ID>"
}

I cannot get the refresh_token value from SalesForce. I think this is why my OAuth2AccessToken does not have an expiration Date. When I call getExpiration to see the Date, it is null.

So what could I do here? Is there any other configuration I am missing here? I don't like to continue with hacking the framework when it is supposed to handle everything for me, especially acquiring a new token when it expires.

1 answers

solution1
 0  2020-03-20 12:38:48

My first question was deleted since no one were able to answer the question, however I would like to propose a solution myself. I think the world needs to know, but I would also love to get some feedback to the solution.

Apparently SalesForce can be set up with a refreshtoken response when you retrieve the token, but in my case I didn't get the refreshtoken. So anyway. In order to work with something that kind of resembles a refreshtoken strategy I created a Date as a bean in my Spring app:

@Bean
    public Date expiryDate() {
    ... Date configuration here ....

The date would be sometime in the future

And then whenever you have to check for expiry, you just check whether today's date exceeds the date from the expiryDate bean. That's how you could avoid Spring's OAUTH2 framework to acquire a new accesstoken from the server everytime. It is a kind of a hacked solution (I know), but it is a way of saving too many calls.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Boot Oauth2 Refresh Token - IllegalStateException Spring OAuth2 Refresh token Using Spring oAuth2 impl, is it possible to "downgrade" the scopes of an access token during a refresh-token grant? Spring OAuth2 Refresh token expiration Spring Boot Oauth2 oauth/token not mapped on initialization Spring OAuth2 refresh token to change after refreshing access token Spring boot oauth2 “/auth/oauth/token” forbidden Spring oauth2 refresh token - Cannot convert access token to JSON How to renew access token with the refresh token in oauth2 in spring? Spring Boot with Oauth2
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM