What is the correct way to request a refresh token?

Rich Field over 1 year ago

I'm able to request an access token without issue.

However I cannot use the refresh token to get a new one when it expires.

I get an invalid grant_type error.

I've tried both with and without an auth header with a bearer token.

And with a OAuth-Token header.

The documentation lists two grant types and I'm using what they define

What am I doing wrong?

Parents

0 Kortnee Wilson over 1 year ago

Hey Rich,

It looks like you're pretty close, here is what I use within Postman

{
   "grant_type":"refresh_token",
   "client_id":"sugar",
   "client_secret":"",
   "platform":"{{platform}}",
   "refresh_token": "{{refresh_token}}"
}

If you're using Postman here is what I setup within my Scripts tab within the Authorize and Refresh Requests so that it stores the new values into the Environment Variables. This could help with your testing and make your life easier.

var jsonData = JSON.parse(responseBody);
var access_token = jsonData.access_token;
var refresh_token = jsonData.refresh_token;

tests["Successful POST request"] = responseCode.code === 200;
tests["access_token exists"] = access_token !== null || access_token !== "";
tests["refresh_token exists"] = refresh_token !== null || refresh_token !== "";

postman.setEnvironmentVariable("access_token", access_token);
postman.setEnvironmentVariable("refresh_token", refresh_token);

I hope this helps.

0 John Hawkins over 1 year ago in reply to Kortnee Wilson
Kortnee Wilson

It may just be a typo but for the benefit of anyone trying to use your answer, I'm afraid there is a flaw in your logic.

The condition:

access_token !== null || access_token !== ""

will always evaluate to true for any value of access_token (that is: null, "", any postive string value, any integer, any decimal, any boolean etc.). I think you need to use the logical AND, &&, instead of the logical OR, ||, in your conditions in order to have an array entry that indicates whether the token has been received or not.

access_token !== null && access_token !== ""

Your script will work as long as you get an access_token (or refresh_token) in the JSON. The problem will start when you are not receiving anything and I would think that is exactly when you don't want it to not work

EDIT::

I should have added, for completeness, that you should also test in your condition to ensure that what you are receiving is a String and possibly even that it it the correct length, correct format etc.

Although this is pretty moot as if it works then you have it and if not then you don't!! That is a ropey approach though and may well annoy coding purists

Thanks,

JH.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 John Hawkins over 1 year ago in reply to Kortnee Wilson
Kortnee Wilson

It may just be a typo but for the benefit of anyone trying to use your answer, I'm afraid there is a flaw in your logic.

The condition:

access_token !== null || access_token !== ""

will always evaluate to true for any value of access_token (that is: null, "", any postive string value, any integer, any decimal, any boolean etc.). I think you need to use the logical AND, &&, instead of the logical OR, ||, in your conditions in order to have an array entry that indicates whether the token has been received or not.

access_token !== null && access_token !== ""

Your script will work as long as you get an access_token (or refresh_token) in the JSON. The problem will start when you are not receiving anything and I would think that is exactly when you don't want it to not work

EDIT::

I should have added, for completeness, that you should also test in your condition to ensure that what you are receiving is a String and possibly even that it it the correct length, correct format etc.

Although this is pretty moot as if it works then you have it and if not then you don't!! That is a ropey approach though and may well annoy coding purists

Thanks,

JH.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data