Questions About OAuth in Paradox

On the reference page about authentication, I think the expected payload in the OAuth 2.0 - Manual Token Creation section could be cleaned up a bit. It seems to show access_token and expires_in as required fields, and refresh_token is clearly marked TODO. It looks like someone may have inadvertently combined the request and response structures in the documentation.

But on top of that I have questions about the limitations of the /auth/token endpoint.

  1. The endpoint seems to only return an expires_in period of 86400 seconds (24 hours). Is there a way to get a token with a longer life?
  2. The expires field is not sent. It should be a date.
  3. The issued field is not sent. It should be a date.
  4. refresh_token is not sent. This would be nice to have for refreshing the access token before expiry.
  5. We were given login credentials in addition to client ID and client secret. Do the login credentials not matter for the purposes of interacting with the API suite? We would like to know where those enter into the equation.

https://paradox.readme.io/reference/authentication
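
An added example, not part of the original post or of the Paradox documentation: a client-side cache for a token response that carries only access_token and expires_in, as items 1 to 4 describe. It records issued locally, derives expires, and requests a new token shortly before expiry instead of relying on a refresh_token. The `fetch` callable, the 300-second margin and the sample response are assumptions; a real `fetch` would call /auth/token with the client ID and client secret.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Token:
    access_token: str
    issued: float   # epoch seconds, recorded locally (not sent by the server)
    expires: float  # epoch seconds, derived as issued + expires_in


class TokenCache:
    """Caches a token and requests a new one `skew` seconds before expiry."""

    def __init__(self, fetch: Callable[[], dict],
                 clock: Callable[[], float] = time.time, skew: int = 300):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token: Optional[Token] = None

    def get(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._token.expires - self._skew:
            # No refresh_token in the response: ask for a whole new token.
            self._token = self._to_token(self._fetch(), now)
        return self._token.access_token

    @staticmethod
    def _to_token(resp: dict, now: float) -> Token:
        ttl = int(resp["expires_in"])
        if ttl <= 0:
            raise ValueError("expires_in must be positive")
        return Token(resp["access_token"], issued=now, expires=now + ttl)


def demo():
    """Runs the cache against a constructed response and a fake clock."""
    clock = {"now": 1_700_000_000.0}
    calls = []

    def fake_fetch() -> dict:  # constructed stand-in for the token request
        calls.append(clock["now"])
        return {"access_token": f"tok-{len(calls)}", "expires_in": 86400}

    cache = TokenCache(fake_fetch, clock=lambda: clock["now"])
    seen = [cache.get()]
    clock["now"] += 86400 - 301  # one second before the renewal window
    seen.append(cache.get())
    clock["now"] += 2            # inside the renewal window
    seen.append(cache.get())
    return seen, len(calls)
```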