FASTDEVICE Posted July 12, 2016 Report Posted July 12, 2016 Is there an API the validates if an auth token is expired and if not, what is the recommended way to validate a token before requesting a new one?
Rick Guyton Posted July 12, 2016 Report Posted July 12, 2016 You are wanting to validate that a past token was at one time valid? I'm assuming so that you can request a new one using your API key, but only if the token was once valid?
FASTDEVICE Posted July 12, 2016 Author Report Posted July 12, 2016 I want to test to see if the token is still valid and if not, request a new one. At the moment my routine requests a new token every 30 minutes. It appears that depending on the operation, the lifetime of a token varies.
Rick Guyton Posted July 12, 2016 Report Posted July 12, 2016 Couldn't you just make any old API req with the token and see if you get "status":"success"? Just as an example, do a GET request on /v1/accounts/{account_id}
FASTDEVICE Posted July 12, 2016 Author Report Posted July 12, 2016 I'm trying to avoid a query that returns a large amount of JSON. I'm thinking to do an incomplete .../channels, which returns a null data value and status of "success."
FASTDEVICE Posted July 12, 2016 Author Report Posted July 12, 2016 ahh, but if you have many channels open, even that returns a large amount of JSON.
Rick Guyton Posted July 12, 2016 Report Posted July 12, 2016 Hrm, I donno about channels. They seem to be a bit touchy about the use of that API. May I ask why you are trying to catch that on the front end? Why not just grab a new token when you see it fail?
Rick Guyton Posted July 12, 2016 Report Posted July 12, 2016 Maybe do a GET on v1/accounts/{account_id}/webhooks if absolutely needed? If it returns anything, it should be pretty small.
FASTDEVICE Posted July 12, 2016 Author Report Posted July 12, 2016 old school developer background. I like to validate a value is not null before using it. That way I don't have to fail, set value, and retry.
Rick Guyton Posted July 13, 2016 Report Posted July 13, 2016 I'm almost never accused of doing something the "new fangled" way. I need to take this in for a minute.............Wait For It.......................Awww yea, that's nice. ;)Gun to my head, I'd use v1/accounts/{account_id}/webhooks. First, if you are relying upon webhooks for other parts of your app, you can double check it and make sure they are still there whit this data. So, at least it wouldn't be a totally wasteful request. Second, I don't think very many people even use this feature. So, most accounts will probably be empty. Those that do use the webhooks should only have a couple. So, in any scenario it should be a pretty small request.I'd still assume the token's good for some length of time. At least a minute or two. Can't imagine checking it before every single API call.The best docs I've found are here: https://github.com/2600hz/kazoo/tree/master/applications/crossbar/docMaybe you can find something that works better for you. I don't see any functions that simply validate a token or return static data though.
Guest CBV David Posted July 22, 2016 Report Posted July 22, 2016 You can validate if the auth_token is not expired:Fetch Token auth informationGET /v2/accounts/{ACCOUNT_ID}/user_auth/{AUTH_TOKEN}Doesn't appear that any sort of time to expire information is included in the response.Presumably you've already found this from Rick's link above, but just in case you hadn't: https://github.com/2600hz/kazoo/blob/master/applications/crossbar/doc/user_authentication.mdI believe that on the hosted cluster tokens are currently set to expire after an hour, but you'd probably want to confirm that to be certain.
FASTDEVICE Posted July 23, 2016 Author Report Posted July 23, 2016 I have some test code written about a week ago whereby I hard coded an auth token. The token currently fails the user_auth validation (as expected with a week old hash), but still allows me to use quickcall. I wonder if that's a bug?
.thumb.png.53ba4a40488cd13986c71377d45b8fdf.png)
Recommended Posts