1

I am currently developing who requesting a rest api from salesforce. I am successfully getting a refresh_token as a response of my authorization with php curl. I want to know if is there any way to check if my current refresh_token is still valid or not ? so that if my refresh_token is not valid i can programmatically request another valid refresh_token.

Thanks.

Danryl Tigol Carpio
  • 639
  • 2
  • 13
  • 25

2 Answers2

1

The only way I know of to validate a refresh token is to attempt to use it to get an access token - if the attempt fails, the refresh token is no good.

metadaddy
  • 16,416
  • 5
  • 55
  • 101
  • What makes the refresh_token not valid ? is that a normal behaviour of the rest_token ? – Danryl Tigol Carpio Mar 09 '16 at 07:23
  • The user or an admin can revoke the refresh token; the admin can also set policy to control the refresh token's lifetime. – metadaddy Mar 10 '16 at 04:23
  • In my case. I admin and user didn't manually revoke the stored refresh_token. And also I set the refresh_token policy to Valid until revoked so it means no expiry right ? and i can use my stored token to retrieve data anytime i want? My issue is very similar to this post but i dont get the excact fixed for this problem.http://salesforce.stackexchange.com/questions/65590/what-causes-a-connected-apps-refresh-token-to-expire – Danryl Tigol Carpio Mar 10 '16 at 05:25
  • In these circumstances then, yes, the refresh token should be valid indefinitely, but if you were writing an app, you would want to handle the case where it might have been revoked. – metadaddy Mar 10 '16 at 20:54
  • Here is my project . 2 wordpress plugin . first plugin called portal, this plugin is used only for communicating salesforce authorization via oauth2 and then saved the refresh_token to my database. The only can made authorization is the admin the user can't. And then the second plugin task is to process user data from worpdress to salesforce via refresh_token grant type. 1 example of that is user registration. The only solution I know to get over this issue is when the refresh_token expires I will let user to reauthorize for new refresh_token and it is really bad. – Danryl Tigol Carpio Mar 11 '16 at 01:55
  • I don't want user will do authorization its not their task to reconnect the connection for my app to salesforce and also I don't want admin always reconnect the app day by day so that the app always communication to salesforce .How to get over this refresh_token expiration ? is there any way we can do to make reresh_token valid forever ? – Danryl Tigol Carpio Mar 11 '16 at 01:59
  • I think you should look at JWT Bearer Token flow - this will let your plugin obtain a token for any user authorized for the app. Try it out and ask new questions as this comments thread isn't the place to figure it out. – metadaddy Mar 11 '16 at 21:11
  • Is there any sample snippets that I can experiment for php about JWT Bearer Token Flow ? – Danryl Tigol Carpio Mar 14 '16 at 04:00
0

You can't get refresh token using api so you need to trick the code to validate session in following way.

try {

            if(isset($_SESSION['sessionId']))
            {
                 $mySforceConnection->createConnection("partner.wsdl.xml");
                 $mySforceConnection->setEndpoint($_SESSION['location']);
                 $mySforceConnection->setSessionHeader($_SESSION['sessionId']);
                /*************call getservicetimestamp to validate*******/ 
                $timstamp = $mySforceConnection->getServerTimestamp();
            }

        } catch (Exception $e) {
                if(strpos($e->getMessage(),'INVALID_SESSION_ID')!==false)
                {
                    /********Create connection again*********/
                }

        }
Himanshu
  • 10,486
  • 5
  • 20
  • 33