Can I use Asana access_token in the backend?

邮差的信 提交于 2019-12-11 04:31:15

问题


I have an Angular App as a front-end client and a Rails back-end API. I'd like to access Asana's API and and would like to authorise it via the Angular App, so I'm following their OAuth process called Implicit Grant Flow.

After the authorisation process I get a access_token but when trying to use this code on Postman (in order to test the API call I'll implement on the back-end) I get an 401, not authorised code.

Is there a way I could get the user to authorise via the Angular and then exchange this access_token for a permanent to token/code to make subsequent calls on the backend?

If not, do I need to get the user to authorise this every time I need to access the API?

EDIT

Here's the screenshot of my attempts to use the access_token with Postman:

NOTE I've tried the above on Postman minutes after I had authorised the the app, so I'd imagine the token would be valid still.


回答1:


I'd guess that the access_token expires before you get around to testing it. Access tokens are meant to be short-lived (Asana access tokens currently expire after one hour). If this is not the case could you please post the request you are making with Postman (with secrets redacted)?

If you want longer-lived authorizations, you should use the authorization code grant to get a refresh token instead of an access token. You can then exchange the refresh token for temporary access tokens when you need to access the API (the Asana client libraries handle this implicitly).



来源:https://stackoverflow.com/questions/39246941/can-i-use-asana-access-token-in-the-backend

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!