Hi Hari329
the "Authorization Grant" flow is interactive and therefore not suitable for a server to server integration. You could of corse log in manually with the "API user" via the browser and obtain an access and refresh token, and then use these directly, but I don't think this would be suitable for a back-end integration.
What I suggest for the time being is to see whether you can use rest V1 in that scenario, for the time being.
Thanks,
To clarify my above response, you could also approach this by coding an administrative interface which allows an authorized admin user to link your application via the interactive flow (using the api only account) and then persists the tokens that will be used for the subsequent calls. This would also allow to refresh the tokens if they become invalid and for some reason it's not possible to get a new one via a refresh token etc...
Hi Paolo Tagliaferri,
Thanks for the information. Below are the steps we planned :
1.Create API user
2.Log in manually with the "API user" to our lithium communities site and obtain an access and refresh token. Could you please help me to understand the steps involved in obtaining access and refresh key after log in ?
3.Once we get the access and refresh key with manual log in process , we are planning to store it in our system to use whenever we are calling lithium communities using REST API to get the data
Do you see any issues with above process ?
And also could you please elaborate on administrative interface process you mentioned below ?
Thanks a lot for your support,
Hari
Hi Hari329
I think this is described in the documentation I have linked. Essentially, you have 24 hours to use your refresh token to obtain a new refresh/access token pair. If more time passes, you may need to re-do the initial authentication log-in flow.
Re the administrative interface part: I am referring to the "manual" login part - this could be done via an appropriate UI (an administrative interface to obtain valid tokens) rather than completely manually.
Cheers,
Hi Paolo Tagliaferri,
Thanks a lot for the update.
Our understanding based on the article is that , refresh token never expires. So we were thinking option of logging in to our social community site with API-only user manually and retrieve both access and refresh tokens (without spending any extra efforts to code administrative module for user log in) and save these tokens in our system for sub sequent calls as refresh token has no expiry time.
Below is point I was referring to :
----------------------------------------- -----------------------------------------
5th point mentioned in http://community.lithium.com/t5/Community-API-v2/OAuth-2-0-authorization-grant-flow/ta-p/138402
The access token is valid for 24 hours. You can refresh the access tokenif needed. A refresh token can be issued at any time, but typically not until the access token expires. The refresh token does not expire.
And also
Below note from : http://community.lithium.com/t5/Community-API-v2/OAuth-2-0-authorization-grant-flow/ta-p/138402#refreshAccessToken
Refresh the access token
An access token is valid for 24 hours before it expires. Refresh the token within that time period, or the user will go through the authentication flow again. When you pass the refresh token, the Authorization Service, issues new access and refresh tokens. Store the new refresh token in case you need it for subsequent refreshes. The refresh token does not expire
----------------------------------------- -----------------------------------------
As per your comments , it seems refresh token also has expiry time (we need to call either API or log in manually to get the new refresh token after every 24 hours). Could you please clarify below queries so that we can decide based on your comments.
Thanks a lot for your support,
Hari
