
Access token and Refresh token generation

nmand396
New Contributor
Hi, I am not able to generate an access token and refresh token using Saviynt. I have followed the REST API guide/Developer handbook as well.
I have two API calls to generate the access token and refresh token, and another call to generate the refreshed access token (expires every 30 days) before the refresh token expires (90 days).
These calls are not working as expected in Saviynt and are working perfectly in Postman.

Sharing the logs and Postman calls with you.

I have tried multiple ways of generating the access token, but every time I get that the access token is null.

This application is not using "authType": "oauth2", and tokentype is not used.

Let me know what is wrong with the connection JSON I prepared.

The refresh token can be used to generate an access token, and an access token can be generated 3 times using it; after that we need to generate a new access token and refresh token.

How do I pass the tokenResponsePath? Should I mention it as access_token or data.access_token?

Generate access token and refresh token:
curl --location 'https://api.abc.com/oauth' \
--header 'api-version: 2.0.0' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_secret=yyy' \
--data-urlencode 'app_id=xxx'
 
Response is:
{
    "status": "200",
    "data": {
        "access_token": "abcd",
        "expires_in": 28804,
        "refresh_token": "def"
    },
    "message": ""
}
 
Generate Refresh access token
 
--header 'api-version: 2.0.0' \
--form 'grant_type="refresh_token"' \
--form 'client_secret="yyy"' \
--form 'app_id="xxx"' \
--form 'refresh_token="aaaaa"'
 
 
Response is :
 
{
    "status": "200",
    "data": {
        "access_token": "bbbb",
        "expires_in": 28595
    },
    "message": ""
}
 
 
The Saviynt connection JSON I prepared is:
{
  "authentications": {
    "userAuth": {
      "url": "https://api.abc.com/oauth/token", // Replace with the actual token endpoint URL
      "httpMethod": "POST",
      "httpParams": {
        "app_id": "",
        "client_secret": "",
        "grant_type": "refresh_token",
        "refresh_token": "${refreshToken}"
      },
      "httpHeaders": {
        "api-version": "2.0.0",
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "authError": [
        "Unable to authenticate the client",
        "Invalid OAuth token Bearer"
      ],
      "retryFailureStatusCode": [
        401
      ],
      "errorPath": "",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "refreshType": "RefreshToken",
      "accessToken": "", // This will be populated with the access token
      "refreshToken":   "aaa=", // Save the initial refresh token here
      "refreshTokenAuthError": [
        "Unable to retrieve SAML assertion",
        "The provided SAML assertion is expired"
      ],
      "refreshTokenErrorPath": "errorMessage",
      "refreshTokenCall": {
        "refreshTokenResponsePath": "data",
        "url": "https://api.abc.com/oauth", // Replace with the token refresh endpoint URL
        "httpMethod": "POST",
        "httpParams": {
          "app_id": "",
          "client_secret": "",
          "grant_type": "password"
        },
        "httpHeaders": {
          "api-version": "2.0.0"
        },
        "httpContentType": "application/x-www-form-urlencoded"
      }
    }
  }
}

 

1 REPLY

shivmano
Regular Contributor III

You may need to specify the auth type that needs to be used in the connection JSON. I am not sure if it will work if the authtype is not mentioned. If oauth2 is not being accepted and if that is already tested, then you may try using authtype 'BasicWithAccessToken'. Also, can you replace the tokenResponsePath to data.access_token and refreshTokenResponsePath to data.refresh_token? 

You may also want to replace "refresh_token": "${refreshToken}" with "refresh_token": "${refresh_token}" in the httpParams section for access token. 

If the token type is a bearer, then you may want to pass the access token accordingly. 

You can refer to the sample below:

{
  "authentications": {
    "userAuth": {
      "authType": "oauth2",
      "url": "https://<domain name>/oauth/token",
      "httpMethod": "POST",
      "httpParams": {
        "company_id": "<>",
        "client_id": "<>",
        "grant_type": "<>",
        "assertion": "${refresh_token}"
      },
      "httpHeaders": {
        "Content-Type": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "authError": [
        "Unable to authenticate the client",
        "Invalid OAuth token Bearer"
      ],
      "retryFailureStatusCode": [
        401
      ],
      "errorPath": "",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "refreshType": "RefreshToken",
      "tokenType": "Bearer",
      "accessToken": "Bearer asdsdfghjk",
      "refreshToken": "<>",
      "refreshTokenAuthError": [
        "Unable to retrieve SAML assertion",
        "The provided SAML assertion is expired"
      ],
      "refreshTokenErrorPath": "errorMessage",
      "refreshTokenCall": {
        "refreshTokenResponsePath": "",
        "url": "https://<domain name>/oauth",
        "httpMethod": "POST",
        "httpParams": {
          "client_id": "<>",
          "user_id": "<>",
          "token_url": "https://<domain name>/oauth/token",
          "private_key": "<>"
        },
        "httpHeaders": {
          "Content-Type": "application/x-www-form-urlencoded"
        },
        "httpContentType": "application/x-www-form-urlencoded"
      }
    }
  }
}
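
Added example (not part of either post, and not Saviynt's code): an offline pre-flight check that runs candidate tokenResponsePath / refreshTokenResponsePath values against the two responses quoted in the question, and strict-parses a fragment carrying the same trailing comma as the posted httpHeaders. It assumes the connector resolves a dot-separated path from the root of the response body, as the `data.access_token` suggestion implies; the function names and sample constants are hypothetical.

```python
import json

# Constructed from the two responses quoted in the question (placeholder tokens).
TOKEN_RESPONSE = ('{"status": "200", "data": {"access_token": "abcd", '
                  '"expires_in": 28804, "refresh_token": "def"}, "message": ""}')
REFRESH_RESPONSE = ('{"status": "200", "data": {"access_token": "bbbb", '
                    '"expires_in": 28595}, "message": ""}')
# Constructed fragment with the same trailing comma as the posted httpHeaders.
HEADERS_FRAGMENT = '{\n  "httpHeaders": {\n    "api-version": "2.0.0",\n  }\n}'

def resolve_path(body, path):
    """Walk a dot-separated path from the JSON root; None if a step is missing.
    Assumption: dotted-path lookup from the root, as 'data.access_token' implies."""
    node = json.loads(body)
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def check_paths(body, paths):
    """Report per config key whether its path yields a usable token string.
    Token values are never echoed, so the report is safe to paste into a ticket."""
    report = {}
    for name, path in paths.items():
        value = resolve_path(body, path) if path else None
        if value is None:
            report[name] = "not found"
        elif not isinstance(value, str) or not value:
            report[name] = "not a token string (" + type(value).__name__ + ")"
        else:
            report[name] = "ok"
    return report

def strict_json_error(text):
    """Return 'line N: <message>' when text is not strict JSON, else None."""
    try:
        json.loads(text)
    except json.JSONDecodeError as exc:
        return "line {}: {}".format(exc.lineno, exc.msg)
    return None

if __name__ == "__main__":
    posted = {"tokenResponsePath": "access_token", "refreshTokenResponsePath": "data"}
    print(check_paths(TOKEN_RESPONSE, posted))
    print(strict_json_error(HEADERS_FRAGMENT))
```

Run against the refresh response, `data.refresh_token` reports "not found", because that response carries only a new access token.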