You need to sign in to do that
Don't have an account?
Mike McMahon
how to refresh or revoke access/refresh token, when no refresh token available?
I was working in my sandbox environment trying to figure out the API calls - i had saved my refresh token during my testing but it was lost sometime later during my testing.
Now when I try to hit the API i am receiving:
"expired access/refresh token"
How do I get around this now? I do not have a refresh token so i cannot make a request to refresh my token, and i'm not sure how to expire / delete / revoke it via the UI so that I can proceed with my testing.
my cUrl call is as follows:
curl --form client_id=3MVG92.u...2KycWe --form client_secret=668...930 --form grant_type=password --form username=mike....com --form password=*#()@*#$@ https://test.salesforce.com/services/oauth2/token --proxy 127.0.0.1:3128 --insecure
Hi Mike,
The session lasts as long as its set in Setup->Administration Setup->Security Controls->Session Settings
By default, the timeout value is set to 2 hours. In case you have lost the refresh token, the code needs to re-authorize using response_type, client_id and return redirect_uri.
On successfuly authorization, another request with the authorization needs to be sent to the authorization server
https://login.salesforce.com/services/oauth2/token
The authorization server then responds with a new refresh_token and access_token among other information.
I suggest you go through http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com to understand these flows. Ideally, the code should be able to handle these flows automatically when tokens go missing.
Hope this helps.
I don't think you really answered his question. I have the same issue. I failed to "take down" the refresh token when it was generated and I have no way of "starting over" because I can't
- request a new token, that fails
- request a refresh, that fails cause I don't have the refresh token
Thus the only way I've been able to "start over" is to use the My Personal Options -> Reset Security Token screen. This kind of sucks though because it forces me to use a new security token all around, and any other services I had connected to that token stop working. Wish there was a way to correct this issue using some sort of API / OATH call.