• davide.turchetti

Hi.

I have implemented a client that uses OAuth2, storing the access token and the refresh token. It works fine and the refresh operation also works, but if the access token expires I expect a specific error message so I can handle the problem by refreshing the token.

According to the OAuth2 reference documentation

http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4

when a request is made with an expired token, the header of the response should report an "expired_token" error.

Actually, the Salesforce implementation returns a generic 401 error without additional header information, so it is not possible to check for the specific error and try to refresh the token with the stored refresh token.

The Spring OAuth2 default implementation expects this, as of spring-security-oauth, in

DefaultOAuth2SerializationService.deserializeError()

This is also discussed here:

http://forum.springsource.org/showthread.php?p=333915#post333915

Another related problem is that the expires_on parameter is not returned when the access token is provided at first instance, as discussed on this board here:

http://boards.developerforce.com/t5/REST-API-Integration/OAuth-2-0-User-Agent-flow-doesn-t-return-expires-on/m-p/223323

Thanks.
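
Added example (not part of the original post, and not Salesforce or Spring code): a client-side check that reads the `error` parameter of a `WWW-Authenticate` challenge and falls back to one bounded refresh attempt when a 401 carries no error code, which is the behaviour the post reports. The function names, the `send`/`refresh` callables and the header format handled are assumptions for illustration; `invalid_token` is the code RFC 6750 uses for an expired token.

```python
import re

# key="quoted value" or key=token pairs inside an auth challenge
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

# "expired_token" is the code named in the post; "invalid_token" is RFC 6750's
REFRESHABLE_ERRORS = ("expired_token", "invalid_token")


def parse_challenge(header):
    """Return (scheme, params) parsed from a WWW-Authenticate header value."""
    if not header:
        return None, {}
    scheme, _, rest = header.strip().partition(" ")
    params = {}
    for m in _PARAM.finditer(rest):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", value)
    return scheme, params


def should_refresh(status, www_authenticate, already_refreshed):
    """Decide whether a failed call warrants one refresh-and-retry."""
    if status != 401 or already_refreshed:
        return False
    _, params = parse_challenge(www_authenticate)
    error = params.get("error")
    if error is None:
        # Generic 401 with no error code: expiry cannot be told apart from
        # revocation, so allow a single refresh attempt and no more.
        return True
    return error in REFRESHABLE_ERRORS


def call_with_refresh(send, refresh, token):
    """send(token) -> (status, www_authenticate, body); refresh() -> token.

    Both callables are hypothetical stand-ins for the real HTTP client.
    Retries at most once, so a revoked grant cannot cause a refresh loop.
    """
    status, challenge, body = send(token)
    if should_refresh(status, challenge, already_refreshed=False):
        token = refresh()
        status, challenge, body = send(token)
    return status, body, token
```

If the second call still returns 401, the caller should treat the stored refresh token as no longer valid and send the user back through authorization.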