Refresh Token in oauth2 plugin

ritika · October 4, 2021, 2:10pm

Hello,

I am a new user of Kong (OSS) and currently trying to create a customer for oauth2 plugin.
Could anyone help me understand that why am I not receving a refresh token along with access token.

oauth2 Configuration as follows:

{“data”:[{“name”:“oauth2”,“route”:null,“consumer”:null,“tags”:null,“id”:“91d99855-08ad-4823-addd-d75f1b1bf7ce”,“enabled”:true,“service”:{“id”:“764a539f-5606-4cc7-bffa-7b54ca4247ed”},“config”:{“anonymous”:null,“hide_credentials”:false,“accept_http_if_already_terminated”:false,“scopes”:[“email”],“provision_key”:“PROVISION_KEY”,“reuse_refresh_token”:false,“enable_implicit_grant”:false,“enable_client_credentials”:true,“enable_password_grant”:false,“enable_authorization_code”:false,“token_expiration”:7200,“refresh_token_ttl”:1209600,“global_credentials”:false,“mandatory_scope”:true,“pkce”:“lax”,“auth_header_name”:“authorization”},“created_at”:1633072591,“protocols”:[“grpc”,“grpcs”,“http”,“https”]}],“next”:null}

Command used to retreive the tokens
curl -X POST --url https://localhost:8443/api/v1/process-start/oauth2/token
–data “client_id=CLIENT_ID” \
–data “client_secret=CLIENT_SECRET”
–data “grant_type=client_credentials”
–data “scope=email”
–data “provision_key=PROVISION_KEY” --insecure

Response:
{“token_type”:“bearer”,“access_token”:“ACCESS_TOKEN”,“expires_in”:7200}

Please excuse me for the fomatting and thank you in advance for your time.

Best regards,
Ritika

fomm · October 4, 2021, 2:19pm

client_credential grant does not returns refresh token.

If you need refresh token, try password or authorization code flow instead.

ritika · October 4, 2021, 3:07pm

Hello,
Thank you for your reply. Could you please tell me is it possibe to change the exsiting oauth2 configuration or should I delete everything and start again?
Thank you.
Best regards,
Ritika

fomm · October 4, 2021, 10:00pm

You just need to enable password or authorization code grant of your existing plugin.

ritika · October 5, 2021, 9:50am

Hello,
Thanks for your reply. I will try the changes. Also, in case of client credentials, once the access token expires what can be done for the consumer so that he gets another access token? I can only think that “token_expiration” parameter must be set to 0 so that the access token never expires. Is there any other way as well?

Thank you in advance
Best regards,
Ritika

fomm · October 5, 2021, 10:02am

Once it expired, you should request a new access_token.

Client_credential is meant to be used as machine to machine. Getting an access_token should be automated.

ritika · October 6, 2021, 7:36am

Hello,
Thank you for your answer. Earlier like you said client_credentials does not return refresh token, so how can an access token be generated without it. Because according to the docs, the command needs a previously returned refresh token.

Also how can the process of getting an access_token be automated? Is there a plugin for Kong?

Thanks in advance,
Ritika

Topic		Replies	Views
Long-lived OAuth 2 refresh tokens Questions	0	511	March 13, 2019
Not able get Oauth2 Access Token	2	487	July 10, 2021
OAuth 2 Enhancements Questions	2	500	October 1, 2019
Kong How to implement refresh token using openid plugin?	3	419	March 30, 2023
OAuth2.0 Plugin not registered at /oauth2/token Questions	4	1165	April 9, 2024

Refresh Token in oauth2 plugin

Related Topics