- Status changed to Needs review
almost 2 years ago 7:53pm 20 January 2023 - πΊπΈUnited States brooke_heaton
We evidently did not have long-lived tokens set up - I see now that we must use them. I'm a bit unclear on when and how often the refresh_token would be regenerated. This value is saved in configuration and if we then commit this configuration to our repository, wouldn't that pose a risk that it would break the credentials? Is this something that you would advise keeping codified in our repository? Or would the practice be to use config_ignore to not overwrite this value if it is later regnerated?
- πΊπΈUnited States rosemarystanley
Yes, this is explained in the documentation. Scroll down to the part that says
If you utilize different environments for development, it is highly recommended to make a different API application for each environment so there is no issue with tokens crossing differing environments.
It explains. In our projects we use config_split β module along with the settings.php file to hold our api credentials.
Let me know if you have further questions!
- πΊπΈUnited States brooke_heaton
Got it - just a heads up that the documentation that you refer to above still recommneds using "Rotating Refresh Tokens" which might be where I went wrong. There's a note below to use "Long Lived Refresh Tokens" but this contradicts the guidance right above. I think that just confused me. I'm still working to get this set up. It was working at one point then stopped after a deployment. We had this problem in the past.
- πΊπΈUnited States rosemarystanley
Ah I see. I'll put it on my list to update the documentation. Thank you.
- πΊπΈUnited States brooke_heaton
So, I guess I'm continually confused - I apologize. I was able to get things set up once again on our Dev site but see that the tokens state:
Last token was generated at 02/06/2023 02:57 pm and expires on 02/06/2023 04:57 pm.
So, evidently these tokens are only good for 2 hours? Is that the case? Is there something that I am missing here? Are these to be refreshed on a cron job? Per the documentation, I have set 'auth_type' => 'auth_code' in Settings.php - is this correct?
- πΊπΈUnited States rosemarystanley
No worries.
This helps me find gaps in the documentation. I had a previous issue β that we determined that constant contact expires tokens after 2 hours β of the last API request. So if you have a signup, or token request it resets that 2 hours.
There is a cron job to run and it's recommended that your cron runs every 2 hours.
Now, I tried to find this in the CC docs and they may have changed recently from 2 to 8 hours. (here) But either way, the module does have a hook_cron and cron should be run to regenerate tokens automatically behind the scenes.
Hopefully that helps.
I did double check the link of instructions provided and it does not say anything about a cron job, so I'll get that added in. Thanks for your patience.
- Status changed to Closed: works as designed
almost 2 years ago 4:08pm 3 March 2023 - πΊπΈUnited States rosemarystanley
I updated documentation to include information on running cron automatically. Also with 4.0.0-rc2, I've added a warning for users that have the administrator permission for the module that automated_cron or other automatic running of cron should be available. I believe other issues have been addressed.