I have a program that integrates with the YouTube Live Streaming API. It runs on timers, so its been relatively easy for me to program in to fetch a new Access Token every 50 minutes with a Refresh Token. My question is, why? When I authenticated with YouTube, it gave me a Refresh Token. I … Read more
In my react app i am using axios to perform the REST api requests. But it’s unable to send the Authorization header with the request. Here is my code: tokenPayload() { let config = { headers: { ‘Authorization’: ‘Bearer ‘ + validToken() } } Axios.post( ‘http://localhost:8000/api/v1/get_token_payloads’, config ) .then( ( response ) => { console.log( … Read more
I am trying to implement stateless authentication with JWT for my RESTful APIs. AFAIK, JWT is basically an encrypted string passed as HTTP headers during a REST call. But what if there’s an eavesdropper who see the request and steals the token? Then he will be able to fake request with my identity? Actually, this … Read more
Is it necessary to store the personal access token somewhere locally on the machine after generating it in GitHub? If yes, is there any preferred way where it could be stored? 12 Answers 12
I want to get the access token from Google. The Google API says that to get the access token, send the code and other parameters to token generating page, and the response will be a JSON Object like : { “access_token” : “ya29.AHES6ZTtm7SuokEB-RGtbBty9IIlNiP9-eNMMQKtXdMP3sfjL1Fc”, “token_type” : “Bearer”, “expires_in” : 3600, “refresh_token” : “1/HKSmLFXzqP0leUihZp2xUt3-5wkU7Gmu2Os_eBnzw74” } However, I’m … Read more
Section 4.2 of the draft OAuth 2.0 protocol indicates that an authorization server can return both an access_token (which is used to authenticate oneself with a resource) as well as a refresh_token, which is used purely to create a new access_token: https://www.rfc-editor.org/rfc/rfc6749#section-4.2 Why have both? Why not just make the access_token last as long as … Read more
