I use Python Social Auth - Django to log in my users.
My backend is Microsoft, so I can use Microsoft Graph but I don't think that it is relevant.
Python Social Auth deals with authentication but now I want to call the API and for that, I need a valid access token. Following the use cases I can get to this:
    social = request.user.social_auth.get(provider='azuread-oauth2')
    response = self.get_json('https://graph.microsoft.com/v1.0/me',
                             headers={'Authorization': social.extra_data['token_type'] + ' '
                                      + social.extra_data['access_token']})
But the access token is only valid for 3600 seconds, so I need to refresh it. I guess I can do it manually, but there must be a better solution. How can I get an access_token refreshed?
Using load_strategy() at social.apps.django_app.utils:
Now the updated access_token can be retrieved from social.extra_data['access_token'].
The best approach is probably to check if it needs to be updated (customized for AzureAD Oauth2):
This is based on the method get_auth_token from AzureADOAuth2. I don't think this method is accessible outside the pipeline, please answer this question if there is any way to do it.
Updates
Update 1 - 20/01/2017
Following an Issue to request an extra data parameter with the time of the access token refresh, it is now possible to check if the access_token needs to be updated in every backend.
In future versions (> 0.2.1 for the social-auth-core) there will be a new field in extra data:
And so this works:
Note: According to OAuth 2 RFC all responses should (it's a RECOMMENDED param) provide an expires_in but for most backends (including the azuread-oauth2) this value is being saved as expires. Be careful to understand how your backend behaves! An Issue on this exists and I will update the answer with the relevant info when it exists.
Update 2 - 17/02/17
Additionally, there is a method in UserMixin called access_token_expired (code) that can be used to assert if the token is valid or not (note: this method doesn't work for race conditions, as pointed out in this answer by @SCasey).
Update 3 - 31/05/17
In Python Social Auth - Core v1.3.0 get_access_token(self, strategy) was introduced in storage.py.
So now:
Thanks @damio for pointing it out.
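
An added example (not code from the answer above or from Python Social Auth) of the expiry check the answer describes, handling both the `expires` and `expires_in` keys and refreshing a little early to narrow the race window mentioned in Update 2. It assumes the refresh timestamp is stored in extra data as `auth_time`; the helper names are hypothetical, and `social.refresh_token(strategy)` is the library's method on the social-auth user object.

```python
import time

# Backends differ on which key holds the token lifetime in seconds.
EXPIRY_KEYS = ("expires", "expires_in")


def seconds_left(extra_data, now=None):
    """Remaining lifetime of the stored access token, or None if unknown."""
    now = time.time() if now is None else now
    auth_time = extra_data.get("auth_time")  # assumed field name
    lifetime = next(
        (extra_data[k] for k in EXPIRY_KEYS if extra_data.get(k) is not None),
        None,
    )
    if auth_time is None or lifetime is None:
        return None
    try:
        # Some providers return the lifetime as a string such as "3600".
        return int(auth_time) + int(lifetime) - now
    except (TypeError, ValueError):
        return None


def needs_refresh(extra_data, now=None, margin=300):
    """True if the token is expired, expires within `margin` s, or has no expiry data."""
    left = seconds_left(extra_data, now)
    return left is None or left <= margin


def fresh_access_token(social, strategy, now=None, margin=300):
    """Return a usable access token, refreshing through the library if needed."""
    if needs_refresh(social.extra_data, now, margin):
        if not social.extra_data.get("refresh_token"):
            raise LookupError("no refresh_token stored; the user must log in again")
        social.refresh_token(strategy)  # updates and saves extra_data
    return social.extra_data["access_token"]
```

In a Django view, `social` is the object from `request.user.social_auth.get(provider='azuread-oauth2')` and `strategy` comes from `load_strategy()`; the API call should still handle a 401 response, since the margin narrows the race but does not remove it.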