3
votes

I've (finally) managed to get a valid access token for an application using the API with the WSO2 API Manager 1.10.0. However, it is unclear to me how to refresh this token.

I got the working access token by calling https://myapi.mydomain.com/api/am/store/v0.9/applications/generate-keys?applicationId=2b205ee5-5891-4913-96e0-b4952d7d2a4c with the following payload:

var payload = {
    'grant_type': 'password',
    'username': username,
    'password': password,
    'validityTime': validityTime,
    'keyType': 'PRODUCTION',
    'accessAllowDomains': [ domain ]
};

The result looks like this:

Generating application keys for application with id '2b205ee5-5891-4913-96e0-b4952d7d2a4c'
{ consumerKey: '5k7UDuFTV0UE7mESHerEIm2Nj3ga',
  consumerSecret: 'm1hS_SNfHF25l9lP9YjYpf977VUa',
  keyState: 'APPROVED',
  keyType: 'PRODUCTION',
  supportedGrantTypes:
   [ 'urn:ietf:params:oauth:grant-type:saml2-bearer',
     'iwa:ntlm',
     'refresh_token',
     'client_credentials',
     'password' ],
  token:
   { tokenScopes: [ 'am_application_scope', 'default' ],
     validityTime: 2678400,
     accessToken: 'be8661550ee51b7682902e58a58108f6' } }

So it does seem like I have the grant to refresh my access token. However, the documentation only mentions how to do this when you have a refresh token, which is missing from the reply. What am I doing wrong?

2
Why don't you use token API docs.wso2.com/display/AM1100/Token+API? - ajanthan

2 Answers

3
votes

The API you used to generate tokens is not the API for your job. The API 'applications/generate-keys' is there to generate application-related keys (client secret and client ID). The token generated for this has a client_credential grant type. That's why you do not get a refresh token. That token is generated using the client ID and secret.

I see you have sent the grant type as 'password' in the payload, but those parameters are not valid to start with. That API does not accept a grant type name. (The API is there to generate the application keys, so a grant type is not needed.)

Actual sample payload (see https://docs.wso2.com/display/AM1100/apidocs/store/#!/operations#ApplicationindividualApi#applicationsGenerateKeysPost)

{
  "validityTime": "3600",
  "keyType": "PRODUCTION",
  "accessAllowDomains": ["ALL"]
}

To generate the tokens, please use the token API (https://docs.wso2.com/display/AM1100/Token+API). Those APIs are implemented according to the OAuth2 specs. You will get a refresh token when you use the 'password' grant type with these token APIs.
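
The flow recommended in the answer above, as an added example (not code from the original post or from WSO2): a password-grant request to the Token API, then refresh_token-grant requests before expiry. `TOKEN_URL`, `tokenRequest`, `TokenStore` and the injected `send` transport are hypothetical names; the key and secret are the values returned by applications/generate-keys.

```javascript
// Added example, not code from the answers. TOKEN_URL is a placeholder for
// your gateway's Token API endpoint; all names here are hypothetical.
const TOKEN_URL = 'https://gateway.example.com/token';

// Client authenticates with HTTP Basic (consumerKey:consumerSecret); grant
// parameters travel in the form-encoded body, never in the query string.
function tokenRequest(key, secret, params) {
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: {
      Authorization: 'Basic ' + Buffer.from(`${key}:${secret}`).toString('base64'),
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams(params).toString(),
  };
}

// `send(request)` is an injected transport returning the parsed JSON reply.
class TokenStore {
  constructor(key, secret, send, now = Date.now) {
    Object.assign(this, { key, secret, send, now, expiresAt: 0 });
  }
  save(res) {
    if (!res.access_token) throw new Error(res.error || 'no access_token in reply');
    this.accessToken = res.access_token;
    // The server may rotate the refresh token; always keep the newest one.
    this.refreshToken = res.refresh_token || this.refreshToken;
    this.expiresAt = this.now() + res.expires_in * 1000;
  }
  // The user's password is used once here and never stored.
  async login(username, password) {
    const params = { grant_type: 'password', username, password };
    this.save(await this.send(tokenRequest(this.key, this.secret, params)));
  }
  // Return a usable access token, refreshing 30 s before it expires.
  async get(skewMs = 30000) {
    if (this.now() >= this.expiresAt - skewMs) {
      if (!this.refreshToken) throw new Error('no refresh token: log in again');
      const params = { grant_type: 'refresh_token', refresh_token: this.refreshToken };
      this.save(await this.send(tokenRequest(this.key, this.secret, params)));
    }
    return this.accessToken;
  }
}
```
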

2
votes

You can refresh the token in the API Store (developer portal) if you click on the Subscriptions tab, and there either:

  • Manually click the Re-generate button to refresh right now, or
  • Click the cURL button to generate the command that you can use to refresh programmatically:

Use cURL button on Subscriptions tab to generate token refresh call

Notes: