EVE Technology Lab

Forum Index

EVE Forums » EVE Technology and Research Center » EVE Technology Lab » Getting a 500 error when trying to get a refresh token

Topic is locked indefinitely.

Getting a 500 error when trying to get a refresh token
Author

Previous Topic Next Topic

Cinnaa

Investment Grade Metals

Likes received: 0

#1 - 2016-11-22 13:01:41 UTC | Edited by: Cinnaa

Pulling my hair out trying to understand what I'm doing wrong when attempting to get a refresh token.

Here is my request (taken from Postman)

POST /oauth/token/ HTTP/1.1
Authorization: Basic [access token received when authenticated]
Host: login.eveonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=[refresh token received when authenticated]

When I send this request I always get back a 500 error from the server e.g.

Internal server error. Error ref: 1338470c-9ba8-4b26-8c8c-c4418a982368

My request appears to look the same as the one shown here...

http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/refreshtokens.html

I'm also requesting the publicData scope.

I can also successfully use the access token to make API calls.

Anyone have any ideas what I am doing wrong?

Caldari Capital Construction Inc. 137
Alt Two Caldari Capital Construction Inc. Likes received: 137	#2 - 2016-11-22 16:28:54 UTC Cinnaa wrote: Authorization: Basic [access token received when authenticated] This is your problem. See here how to create the authorization string. The access token you receive from the server is different. The authorization header is used to authenticate the application and the access and refresh tokens are for authenticating the user.


Cinnaa Investment Grade Metals Likes received: 0	#3 - 2016-11-22 17:31:31 UTC Thanks, works perfectly. Do you know long do the refresh tokens last for before they expire?


Alt Two Caldari Capital Construction Inc. Likes received: 137	#4 - 2016-11-22 18:17:55 UTC They never expire unless the user revokes it on the CCP support site.


Cinnaa Investment Grade Metals Likes received: 0	#5 - 2016-11-22 19:33:33 UTC Ok, so if I use the refresh token to get a new access token I also get a new refresh token? Which I can securely store?

Alt Two

Caldari Capital Construction Inc.

Likes received: 137

#6 - 2016-11-22 20:28:59 UTC

Cinnaa wrote:

Ok, so if I use the refresh token to get a new access token I also get a new refresh token?

Which I can securely store?

You get back the same refresh token. The access token changes on every refresh but you need that one for the API calls so you need to store both. Then on every call to an endpoint which needs authorization check if the access token is older than 20 minutes. If yes do a refresh first.

Or you could store only the refresh token and get a new access token for every endpoint call, but you save some time and traffic by caching it.