Refresh Token in oauth2 plugin

Hello,

I am a new user of Kong (OSS) and currently trying to create a customer for oauth2 plugin.
Could anyone help me understand that why am I not receving a refresh token along with access token.

oauth2 Configuration as follows:

{“data”:[{“name”:“oauth2”,“route”:null,“consumer”:null,“tags”:null,“id”:“91d99855-08ad-4823-addd-d75f1b1bf7ce”,“enabled”:true,“service”:{“id”:“764a539f-5606-4cc7-bffa-7b54ca4247ed”},“config”:{“anonymous”:null,“hide_credentials”:false,“accept_http_if_already_terminated”:false,“scopes”:[“email”],“provision_key”:“PROVISION_KEY”,“reuse_refresh_token”:false,“enable_implicit_grant”:false,“enable_client_credentials”:true,“enable_password_grant”:false,“enable_authorization_code”:false,“token_expiration”:7200,“refresh_token_ttl”:1209600,“global_credentials”:false,“mandatory_scope”:true,“pkce”:“lax”,“auth_header_name”:“authorization”},“created_at”:1633072591,“protocols”:[“grpc”,“grpcs”,“http”,“https”]}],“next”:null}

Command used to retreive the tokens
curl -X POST --url https://localhost:8443/api/v1/process-start/oauth2/token
–data “client_id=CLIENT_ID” \
–data “client_secret=CLIENT_SECRET”
–data “grant_type=client_credentials”
–data “scope=email”
–data “provision_key=PROVISION_KEY” --insecure

Response:
{“token_type”:“bearer”,“access_token”:“ACCESS_TOKEN”,“expires_in”:7200}

Please excuse me for the fomatting and thank you in advance for your time.

Best regards,
Ritika

client_credential grant does not returns refresh token.

If you need refresh token, try password or authorization code flow instead.

Hello,
Thank you for your reply. Could you please tell me is it possibe to change the exsiting oauth2 configuration or should I delete everything and start again?
Thank you.
Best regards,
Ritika

You just need to enable password or authorization code grant of your existing plugin.

Hello,
Thanks for your reply. I will try the changes. Also, in case of client credentials, once the access token expires what can be done for the consumer so that he gets another access token? I can only think that “token_expiration” parameter must be set to 0 so that the access token never expires. Is there any other way as well?

Thank you in advance
Best regards,
Ritika

Once it expired, you should request a new access_token.

Client_credential is meant to be used as machine to machine. Getting an access_token should be automated.

Hello,
Thank you for your answer. Earlier like you said client_credentials does not return refresh token, so how can an access token be generated without it. Because according to the docs, the command needs a previously returned refresh token.

Also how can the process of getting an access_token be automated? Is there a plugin for Kong?

Thanks in advance,
Ritika


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ