access token expire immediately or valid for one time

I am trying to fetch data from Sugar through API so after getting OAtuth token from sugar when I call an API e.g Accounts this works fine but after that, if I call another API with the same token it gives the error "invalid_grant" with a message "Your authentication token is invalid."

0 Jeroen Somhorst over 4 years ago

Are you using a dedicated user account to retrieve the data?

If not are you specifying a specific platform?
0 Sunil Manzoor over 4 years ago in reply to Jeroen Somhorst

yes, the account is dedicated. Using SugarCRM Version 10.0.2 (Build 182 E) (Q2 2020) calling from Node 13.12.0 through Axios.

Sugar is deployed on AWS it works fine when I make a call from my local Node server but when I deploy my node server to AWS as well then the INVALID_GRANT issue occurs

So the workaround I went with I generate a new token before every API call. It works this way but not a good solution
0 Matt Marum over 4 years ago in reply to Sunil Manzoor

If your local Node server and your AWS Node server are connecting to Sugar at same time using same user credentials, then this will cause the problem. You are only allowed 1 session per user per API platform.

You can configure your two Node servers to use different users or make sure they're using different API platforms.

https://support.sugarcrm.com/Documentation/Sugar_Versions/11.0/Sell/Administration_Guide/Developer_Tools/#Configure_API_Platforms

App Ecosystem @ SugarCRM
0 Sunil Manzoor over 4 years ago in reply to Matt Marum

Thanks for your response I don't use it at the same time. I develop locally that works fine, then deploy on AWS then this problem appears? As I can see a lot of discussions at this forum about invalid grant but that is for login through the portal.

It looks issue of saving the session at sugar end
0 Matt Marum over 4 years ago in reply to Sunil Manzoor

Hi Sunil,

It could be some sort of configuration issue with your AWS setup. There's several ways an access token could get invalidated.

You could refer to this support article for some other ideas. The section regarding instances that do not use SugarIdentity would apply to your case.

https://support.sugarcrm.com/Knowledge_Base/Troubleshooting/Troubleshooting_Sugar_Logging_Out_Unexpectedly/

App Ecosystem @ SugarCRM

0 Sanchez Jorge Luis over 4 years ago

Hello Sunil

I have the same problem a few months ago, I read the following guide:

support.sugarcrm.com/.../

1 . Create a record in the OAuth Keys module:

2 . In your nodejs app you can consume the sugar API, in the points of the REST API
"/ ping" - support.sugarcrm.com/.../index.html

"/ oauth2 / token" - support.sugarcrm.com/.../

The following lines of code may help you:

Fullscreen

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
const autenticate = async function (customer_hash, id_platform) {
    let platform = readCustomPlatform(customer_hash, id_platform),
        result = false
    switch (platform.typePlatform) {
        case 'sugarcrm':
            if (platform.access_token) result = await sugarcrm_ping(platform)
            if (result) {
                return platform.credentials.access_token
            }
            else {
                result = await sugarcrm_getToken(platform)
                if (result.access_token) {
                    platform.credentials.refresh_token = result.refresh_token
                    platform.credentials.download_token = result.download_token
                    platform.credentials.access_token = result.access_token
                    await updatePlatform(customer_hash, platform)
                    return result.access_token
                }
            }
            return false
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

const autenticate = async function (customer_hash, id_platform) {
    let platform = readCustomPlatform(customer_hash, id_platform),
        result = false

    switch (platform.typePlatform) {
        case 'sugarcrm':
            if (platform.access_token) result = await sugarcrm_ping(platform)
            if (result) {
                return platform.credentials.access_token
            }
            else {
                result = await sugarcrm_getToken(platform)
                if (result.access_token) {
                    platform.credentials.refresh_token = result.refresh_token
                    platform.credentials.download_token = result.download_token
                    platform.credentials.access_token = result.access_token
                    await updatePlatform(customer_hash, platform)
                    return result.access_token
                }
            }
            return false
            break
    }
    return false
}

const sugarcrm_ping = async (platform) => {
    const response = await sendRequest({
        url: "/ping",
        baseURL: assambleUrl(platform),
        headers: {
            "Content-Type": "application/json",
            "oauth-token": platform.credentials.access_token
        }
    })
    if (!_.isBoolean(response)) {
        logger.debug("Success:", response.data + " token alive!")
        return true
    } else {
        return false
    }
}

const sugarcrm_getToken = async (platform, isRefresh) => {
    let body = {
        "client_id": platform.credentials.client_id,
        "client_secret": platform.credentials.client_secret
    }

    if (isRefresh) {
        body.grant_type = "refresh_token"
        body.refresh_token = platform.credentials.refresh_token
    } else {
        body.grant_type = "password"
        body.username = platform.credentials.username
        body.password = platform.credentials.password
        body.platform = platform.credentials.platform
    }
    const response = await sendRequest({
        url: "/oauth2/token",
        baseURL: assambleUrl(platform),
        method: 'post',
        headers: { "Content-Type": "application/json" },
        data: body
    })

    if (!_.isBoolean(response)) {
        return response.data
    } else {
        return response
    }
}

All the parameters are stored in a config.json

Fullscreen

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"domain": "qa.crm.com",
"isSecure": true,
"credentials": {
            "username": "",
            "password": "",
            "client_id": "",
            "client_secret": "",
            "platform": "opi",
            "refresh_token": "",
            "download_token": "",
            "access_token": ""
          },
          "versionAPI": "v11_9"
}
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

{
"domain": "qa.crm.com",
"isSecure": true,
"credentials": {
            "username": "",
            "password": "",
            "client_id": "",
            "client_secret": "",
            "platform": "opi",
            "refresh_token": "",
            "download_token": "",
            "access_token": ""
          },
          "versionAPI": "v11_9"
}

Values for

"client_id": "",
"client_secret": ""

extract them from this config

Kind regards.