I am working on a Custom Connector to interact with ArcGIS REST API. I
have been able to stablish a successful connection using an OAuth2.0
authentication process, which allows me to properly retrieve data. The problem
comes when I try to refresh my token in order to continue my activity after the
first 30 minutes since the connection is stablished.
I am using an “authorization_code” grant type, which provides an
access_token valid for 30 minutes, and a refresh_token valid for two weeks, as
described here:
I wrote the code to refresh token on 401, 403 and 498 errors and the
refresh block as described in the documentation, but for some reason this refresh
block is never implemented. Every request I send after the first 30 minutes
since my connection is stablished keeps using the same old access_token without
refreshing it, which obviously gives me an error response 401 of type “invalid
token”.
What am I missing in order to implement the refresh block and obtain a
new access_token?
Hector Valle Ruiz
ArcGIS API - Refresh token implementation
Hello,
I am working on a Custom Connector to interact with ArcGIS REST API. I have been able to stablish a successful connection using an OAuth2.0 authentication process, which allows me to properly retrieve data. The problem comes when I try to refresh my token in order to continue my activity after the first 30 minutes since the connection is stablished.
I am using an “authorization_code” grant type, which provides an access_token valid for 30 minutes, and a refresh_token valid for two weeks, as described here:
https://enterprise.arcgis.com/en/portal/latest/administer/windows/specify-the-default-token-expiration-time.htm
I wrote the code to refresh token on 401, 403 and 498 errors and the refresh block as described in the documentation, but for some reason this refresh block is never implemented. Every request I send after the first 30 minutes since my connection is stablished keeps using the same old access_token without refreshing it, which obviously gives me an error response 401 of type “invalid token”.
What am I missing in order to implement the refresh block and obtain a new access_token?
This is how my current code looks like:
{
title: "ArcGIS_OAuth2.0_v4",
# Connection block
connection: {
# User input fields
fields: [
{ name: 'client_id', optional: false },
{ name: 'client_secret', optional: false, control_type: 'password' }
],
# Authorization structure type OAuth2.0
# Refer to https://docs.workato.com/developing-connectors/sdk/authentication/oauth2-authentication.html
# Refer to https://developers.arcgis.com/rest/users-groups-and-items/authentication.htm
authorization: {
type: "oauth2",
# Authorization URL with required parameters
authorization_url: lambda do |connection|
params = {
client_id: connection["client_id"],
response_type: "code"
}.to_param
"<portal_url>/arcgis/sharing/rest/oauth2/authorize?" + params
end,
# Use acquire instead of token URL basic block
acquire: lambda do |connection, auth_code|
# Post request with payload instead of parameters
response = post("<portal_url>/arcgis/sharing/rest/oauth2/token").
payload(
client_id: connection["client_id"],
client_secret: connection["client_secret"],
grant_type: "authorization_code",
code: auth_code,
redirect_uri: "https://www.workato.com/oauth/callback"
).
request_format_www_form_urlencoded
# Post response structure definition as array (always required) and variables set
[
{
access_token: response["access_token"],
refresh_token: response["refresh_token"]
}
]
end,
# Defines responses that require to implement the next refresh block
refresh_on: [401, 403, 498],
# Refresh block to be implemented when previous responses are recognized
refresh: lambda do |connection, refresh_token|
# Post request with payload instead of parameters (same endpoint as initial authorization, but different payload - notice "grant type")
response = post("<portal_url>/arcgis/sharing/rest/oauth2/token").
payload(
client_id: connection["client_id"],
grant_type: "exchange_refresh_token",
refresh_token: refresh_token,
redirect_uri: "https://www.workato.com/oauth/callback"
).
request_format_www_form_urlencoded
# Post response structure definition as array (always required) and variables set
[
{
access_token: response["access_token"],
refresh_token: response["refresh_token"]
}
]
end,
# Apply block defines headers for coming requests that required authentication
apply: lambda do |connection, access_token|
headers("Authorization": "Bearer #{access_token}")
end,
}
},
test: lambda do |_connection|
get("/api/v1/echo")
end,
actions: {
# Example request to crosscheck proper authentication
get_users: {
# No input
#Request
execute: lambda do |connection, input|
get("<portal_url>/arcgis/sharing/rest/portals/self/users").
params(
f: "json",
num: "100"
)
end,
# No output
},
},
triggers: {
# Some code here
},
object_definitions: {
# Some code here
},
picklists: {
# Some code here
},
methods: {
# Some code here
},
}
Thank you in advance,
Hector