AminY

OAuth2 and Partner WSDL complications

Hi,

My story is a little bit long; I appreciate the time you put into reading it.

I'm using the Partner WSDL with OAuth2.

My workflow is like this:

I get the refresh token and access token (redirecting the user and getting the authorization, etc.).

I put the access token in sessionId for the Partner WSDL, and then run some queries.

After that I log out by calling partnerconnection.logout()

(I know that this will invalidate the session and expire my access token.)

In the second run of my program, I try the access token and it fails (which is what I expect).

Then I try to get a new access token using my refresh token, but it fails with error 400 (no message, which makes it hard to debug).

In the second workflow:

I didn't call logout, but waited for two hours, which will invalidate the access token.

It failed when I tried the access token (expected),

and it succeeded in generating a new access token using my refresh token.

Is there something special about logout which causes this behaviour?

How can I fix it?

chuckmortimore

There shouldn't be anything special. More information on your refresh token exchange and the request/response to the server would help.

Note that for OAuth2 sessions we do have a special logout endpoint. Just a different way to approach the problem:


http://blogs.developerforce.com/developer-relations/2011/11/revoking-oauth-2-0-access-tokens-and-refresh-tokens.html
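
An added example, not part of the original thread and not Salesforce's own code: one way to capture the request/response detail asked for above when the refresh exchange returns HTTP 400. It assumes the token endpoint answers with the RFC 6749 JSON error body (`error`, `error_description`); the function names, the `action` labels and the sample body are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Salesforce production OAuth2 token endpoint.
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

# Constructed sample of an RFC 6749 error body, used by the offline demo.
SAMPLE_400_BODY = '{"error": "invalid_grant", "error_description": "constructed sample"}'


def build_refresh_request(client_id, client_secret, refresh_token):
    """Build the POST for the refresh_token grant (RFC 6749, section 6)."""
    form = urllib.parse.urlencode({
        "grant_type": "refresh_token", "refresh_token": refresh_token,
        "client_id": client_id, "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def explain_token_error(body):
    """Map a failed token response body to (error, description, action)."""
    try:
        doc = json.loads(body)
        error, desc = doc.get("error", "unknown"), doc.get("error_description", "")
    except (ValueError, AttributeError):
        error, desc = "unparseable", body[:200]
    # invalid_grant covers a revoked or expired refresh token: do not retry.
    action = "reauthorize" if error == "invalid_grant" else "fix_request"
    return error, desc, action


def refresh_access_token(client_id, client_secret, refresh_token,
                         opener=urllib.request.urlopen):
    """Return ("ok", token_json) or ("failed", (error, description, action))."""
    req = build_refresh_request(client_id, client_secret, refresh_token)
    try:
        with opener(req) as resp:
            return "ok", json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        # The body of the 400 names the cause; it is lost unless read here.
        return "failed", explain_token_error(exc.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    print(explain_token_error(SAMPLE_400_BODY))
```

Log the returned error and description rather than the refresh token or client secret themselves.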

AminY

Well,

Right now the question I have in mind is whether logout or revoke in OAuth2 will revoke the refresh_token as well as the access_token.

If that's the case then I should not revoke/logout at all!

chuckmortimore

If you revoke the access token, then only the access token will be revoked. If you revoke the refresh token, then that refresh token and all related access tokens will be revoked.

AminY

That sounds reasonable when dealing with OAuth tokens. What does logout do on the Partner WSDL?

Revoke the access token, the refresh token, or both?