Using a third-party OAuth access token - expired secret

5 Comentários

  • Greg Katechis
    Zendesk Developer Advocacy

    Hi Oana! That is a new one for me, which must mean that I'm getting behind the times on security protocols. Automatically refreshing the client_secret seems like it's going to cause problems everywhere, so I googled it to try to find some information and I can't find any details. Would you mind sharing the documentation for the OAuth provider you're using so that I can dig into this for you?

    0
  • Oana Veronica Pop

    Hello Greg!

    The provider is Azure Active Directory B2C: https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow

    Thanks for looking into this!

    0
  • Greg Katechis
    Zendesk Developer Advocacy

    Thanks for providing that! I took a look at those docs and the refresh aspect was actually for the token, not for the secret, which is expected and totally functional with Azure. In the docs you shared, you'll see that we can automatically refresh the token if the access token response contains an `expires_in` and `refresh_token` value. When I looked through the docs from Azure that you sent, the payload response does include both of those values, so you should be in good shape!

    If I missed something in the Azure docs about the client_secret refreshing, please let me know.

    0
  • Kithiyon A

    Hello Greg-Katechis

    I'm also facing the same issue. I am making an OAuth authentication with Zoho. The response from the authentication request has the expires_in and refresh_token values. You can find this here

    0
  • Oana Veronica Pop

    Hey Greg!

    As you can see in the attached image from the documentation, it says the client secret should be changed on a periodic basis. And from the portal the expiration date must be set in order to generate a secret(it's a mandatory field with a max allowed period of 2 years). And the client secret seems to be mandatory in Zendesk in order to generate an access and a refresh token. 

    0

Por favor, entrar para comentar.

Powered by Zendesk