Authorization Documentation

Open mlohoar opened this issue 5 years ago • 3 comments

Hi, is the documentation out of date?

https://fusio.readthedocs.io/en/latest/concept/authorization.html

I issued a POST to consumer/login and got the following response:

{ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9hcGkubXVubmkubG9jYWwiLCJzdWIiOiIwNzU4N2FiOC01OTY0LTVmNDYtODU1OC04ZDQzZjI0ZDA1ZTMiLCJpYXQiOjE1OTY2Mzg1NTAsImV4cCI6MTU5NjY0MjE1MCwibmFtZSI6IjJhdWcxMSJ9.GU3b6bKM3Dy0xSaKn-1BSvQ3MnRGpHjo9XUhJvFhKhA", "expires_in": 1596642150, "refresh_token": "77a80a56c75bfadc27e3-7f4911a573e38be299ed6f1a2dffed933752576158f59424-a4d189e931" }

The documentation does not have an expires or refresh_token for this call.

Also when I took that refresh token and immediately attempted to refresh it by posting to /authorization/token with form data grant_type=refresh_token and refresh_token=77a80a56c75bfadc27e3-7f4911a573e38be299ed6f1a2dffed933752576158f59424-a4d189e931

I get

{ "error": "invalid_request", "error_description": "Credentials not available" }

Thanks

mlohoar avatar Aug 05 '20 14:08 mlohoar

Hi, yes, the refresh_token was added later on; if you like, you can submit a PR to update the documentation. Regarding the refresh token, you need to add an Authorization header to your refresh request containing the currently active token.

chriskapp avatar Aug 05 '20 17:08 chriskapp

Hi @chriskapp, thanks for the amazing project. I'm using the exact scheme in the documentation for refreshing the token:

POST /authorization/token
grant_type=refresh_token&refresh_token=65e95c8da122a0a5522f-534b054a029019548036c8253d591309247d2899223a6a7b-907deae7ff&client_id=2282581100&client_secret=b32a609cd48e8d0fb0d6a51efefd1a5e

and I'm sending the token in the header as a Bearer token, but I'm getting this:

{
    "error": "invalid_request",
    "error_description": "Credentials not available"
}

And I'm using the Consumer user id and password for client_id and client_secret, is that okay?

Thanks, best regards

SavvyEngineer avatar Feb 01 '22 13:02 SavvyEngineer

Hey, thanks. Yes, as client_id and client_secret you need to provide an app key and secret, so you can't use your username and password there.

chriskapp avatar Feb 01 '22 19:02 chriskapp
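
The two replies above combine into one refresh call: the form body carries the refresh token plus the app key and secret, and the Authorization header carries the currently active token. The following is an added example, not code from the thread or from Fusio; the function names, the host `api.example.test`, the 300-second margin and the sample token are constructed, and it assumes that "currently active" means the token's `exp` claim has not yet passed.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def next_action(token, now=None, margin=300):
    """Return 'use', 'refresh' or 'login' based on the token's exp claim."""
    now = time.time() if now is None else now
    left = jwt_claims(token)["exp"] - now
    if left <= 0:
        return "login"  # assumption: an expired token no longer counts as active
    return "refresh" if left < margin else "use"


def build_refresh_request(base_url, active_token, refresh_token, app_key, app_secret):
    """Build (but do not send) the refresh call described in the thread."""
    form = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": app_key,         # app key, not the consumer username
        "client_secret": app_secret,  # app secret, not the consumer password
    }).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/authorization/token", data=form, method="POST")
    req.add_header("Authorization", "Bearer " + active_token)
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def sample_token(iat, ttl):
    """Constructed, unsigned sample token so the example runs offline."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"typ": "JWT", "alg": "HS256"}),
                     seg({"iat": iat, "exp": iat + ttl}), "constructed-signature"])


if __name__ == "__main__":
    tok = sample_token(int(time.time()), 200)
    print(next_action(tok))  # inside the margin, so the client should refresh now
```

Pass the returned request to `urllib.request.urlopen` to send it. Decoding the payload this way only reads the claims on the client side; the server remains the party that validates the token.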