Configuration settings show tokens that expire before they were generated

Created on 10 January 2023, almost 2 years ago
Updated 3 March 2023, almost 2 years ago

I am a bit confused about the configuration screen and the message that appears when reviewing the tokens.

I see a message that reads "Last token was generated at 01/10/2023 01:42 pm and expires on 12/29/2022 01:16 am." which is, of course, confusing. How would it be that I've generated tokens that expired more than a week ago? Is this normal or has something been misconfigured here?

β†’

---

Proposed solution

  • Check on refresh tokens if there is an expiration date, if not, remove that expiration text from the page UI. or add a line that says it does not expire
πŸ› Bug report
Status

Closed: works as designed

Version

3.0

Component

User interface

Created by

πŸ‡ΊπŸ‡ΈUnited States brooke_heaton

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Status changed to Needs review almost 2 years ago
  • πŸ‡ΊπŸ‡ΈUnited States brooke_heaton

    We evidently did not have long-lived tokens set up - I see now that we must use them. I'm a bit unclear on when and how often the refresh_token would be regenerated. This value is saved in configuration and if we then commit this configuration to our repository, wouldn't that pose a risk that it would break the credentials? Is this something that you would advise keeping codified in our repository? Or would the practice be to use config_ignore to not overwrite this value if it is later regnerated?

  • πŸ‡ΊπŸ‡ΈUnited States rosemarystanley

    Yes, this is explained in the documentation. Scroll down to the part that says

    If you utilize different environments for development, it is highly recommended to make a different API application for each environment so there is no issue with tokens crossing differing environments.

    It explains. In our projects we use config_split β†’ module along with the settings.php file to hold our api credentials.

    Let me know if you have further questions!

  • πŸ‡ΊπŸ‡ΈUnited States brooke_heaton

    Got it - just a heads up that the documentation that you refer to above still recommneds using "Rotating Refresh Tokens" which might be where I went wrong. There's a note below to use "Long Lived Refresh Tokens" but this contradicts the guidance right above. I think that just confused me. I'm still working to get this set up. It was working at one point then stopped after a deployment. We had this problem in the past.

  • πŸ‡ΊπŸ‡ΈUnited States rosemarystanley

    Ah I see. I'll put it on my list to update the documentation. Thank you.

  • πŸ‡ΊπŸ‡ΈUnited States brooke_heaton

    So, I guess I'm continually confused - I apologize. I was able to get things set up once again on our Dev site but see that the tokens state:

    Last token was generated at 02/06/2023 02:57 pm and expires on 02/06/2023 04:57 pm.

    So, evidently these tokens are only good for 2 hours? Is that the case? Is there something that I am missing here? Are these to be refreshed on a cron job? Per the documentation, I have set 'auth_type' => 'auth_code' in Settings.php - is this correct?

  • πŸ‡ΊπŸ‡ΈUnited States rosemarystanley

    No worries.

    This helps me find gaps in the documentation. I had a previous issue β†’ that we determined that constant contact expires tokens after 2 hours β†’ of the last API request. So if you have a signup, or token request it resets that 2 hours.

    There is a cron job to run and it's recommended that your cron runs every 2 hours.

    Now, I tried to find this in the CC docs and they may have changed recently from 2 to 8 hours. (here) But either way, the module does have a hook_cron and cron should be run to regenerate tokens automatically behind the scenes.

    Hopefully that helps.

    I did double check the link of instructions provided and it does not say anything about a cron job, so I'll get that added in. Thanks for your patience.

  • Status changed to Closed: works as designed almost 2 years ago
  • πŸ‡ΊπŸ‡ΈUnited States rosemarystanley

    I updated documentation to include information on running cron automatically. Also with 4.0.0-rc2, I've added a warning for users that have the administrator permission for the module that automated_cron or other automatic running of cron should be available. I believe other issues have been addressed.

Production build 0.71.5 2024