Announcement Announcement Module
Collapse
No announcement yet.
refresh token for linkedin Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • refresh token for linkedin

    Hi all

    I am trying to implement spring social LinkedIn. LinkedIn access token have an expiry time of 60 days. Could someone please help me with how to refresh these tokens.

    Thanks a lot in advance

    Neil

  • #2
    If you have a look at JIRA you will see that refresh tokens are planned for the 1.1.0.M4 release (current = M3). Not sure if LinkedIn supports refresh tokens. The new ReconnectFilter should help you for now (if you're not concerned about offline access. I just implemented it. It's a bit rough around the edges but it works

    Comment


    • #3
      refresh token for linkedin

      Hi,

      Thanks for that.I am currently working with Spring Showcase Example as the base. Could you please direct me how to use ReconnectFilter to refresh tokens with it. I am quite an amateur with Spring Social and am not familiar with how to work around with ReconnectFilter too.

      Thanks a lot in advance,
      Neil

      Comment


      • #4
        I did see some documentation but I can't remember where.
        Anyways, you have to reference the ReconnectFilter in web.xml to act as a servlet filter. This filter catches AuthorizationException and initializes a reconnect based on that.

        PHP Code:
            <filter>
                <
        filter-name>apiExceptionHandler</filter-name>
                <
        filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
            </
        filter>

            <
        filter-mapping>
                <
        filter-name>apiExceptionHandler</filter-name>
                <
        url-pattern>/*</url-pattern>
            </filter-mapping> 
        Make sure this is placed after the securityFilter

        Then you have to set up the handler in your @Configuration

        PHP Code:
            @Bean
            
        public ReconnectFilter apiExceptionHandler() {
                return new 
        ReconnectFilter(usersConnectionRepositoryuserIdSource);
            } 
        With Linkedin 401 and 403 exceptions are not yet properly caught and translated to AuthorizationException, so you have to catch these yourself and rethrow them as AuthorizationExceptions to make it work.

        I do that like this

        PHP Code:
            public void analyzeException(RestClientException rce){
                if(
        rce.getMessage().matches(".*(401|403).*")){
                    throw new 
        NotAuthorizedException(providerrce.getMessage());
                }else{
                    throw 
        rce;
                }
            } 
        BTW, this is all based 1.1.0.M3!

        Comment


        • #5
          Hi mschipperheyn,

          Thanks a lot for this . Some noob questions.
          1)userIdSource is the value I can get from userIdSource() in SocialConfig?
          2)Where do I place the analyzeException? and what type of class does "provider" variable belong to?
          3) If I want to refresh my token, or unauthorized it so that I can test this , do you know any ways how I can setup the data for this scenario?

          I highly appreciate the help regarding this.

          Many thanks and Regards,
          Neil

          Comment


          • #6
            1)userIdSource is the value I can get from userIdSource() in SocialConfig?
            Yes.
            2)Where do I place the analyzeException? and what type of class does "provider" variable belong to?
            Whenever you interact with the LinkedIn API try/catch RestClientExceptions and analyze those.

            3) If I want to refresh my token, or unauthorized it so that I can test this , do you know any ways how I can setup the data for this scenario?
            No tips for this. One thing to realize is that the ReconnectFilter only works when the user interacts with the environment. There is no refresh scenario for an offline scenario unless the oauth provider supports the refreshtoken scenario.

            Comment


            • #7
              refresh token for linkedin

              Well to giv you a Gist, it would be a LinkedIn WebService that I would be buildin. It will perform Oauth2.0 with some accounts so that it can retrieves company updates from them. So It would have access to the online scene.
              I am still unclear on some points. Could you please make me understand
              1) ReconnectFilter : It works once the token expires right? So it will direct me to the authorization page to authorize my app?
              2) What if I dont use the above filter. My base example is Spring Social Showcase. Right now, I am storing the Access token along with the expiry time in the database. Once it expires, Would I able to authorize my application with the original Oauth 2.0 flow(I did at the first time) or will I only get a error message and not able to use it again?
              3) I am still unclear about the provider variable

              And I highly appreciate your patience with me

              Thanks and Regards,
              Neil

              Comment


              • #8
                1) ReconnectFilter : It works once the token expires right? So it will direct me to the authorization page to authorize my app?

                Basically yes. Of course, the reconnectfilter would kick in every time you throw a NotAuthorizedException (which you should rethrow if you catch it somewhere).

                2) What if I dont use the above filter. My base example is Spring Social Showcase. Right now, I am storing the Access token along with the expiry time in the database. Once it expires, Would I able to authorize my application with the original Oauth 2.0 flow(I did at the first time) or will I only get a error message and not able to use it again?

                I've had loads of trouble with this in the past. Before ReconnectFilter appeared, I wrote my own version of a ReconnectFilter to handle this scenario.

                3) I am still unclear about the provider variable
                "linkedin", "facebook","google". Each provider has its own callsign.

                Comment


                • #9
                  Thanks a lot. I couldn't figure out where to put the function so put the function as an implementation of try catch block wherever I make calls to twittr/linkedin. I have a DB to store the token so I changed the value of it to recreate a scenario. It took me back to the authorisation page. So I guess this is fine right?

                  Comment


                  • #10
                    It's a bit hard to respond to that without seeing code.

                    Comment

                    Working...
                    X