REST API Token Question


Cynthia Davis

Nov 29, 2021, 9:22:44 AM
to taigaio
I'm working on a script that interacts with the REST API and I had some questions about the auth and refresh tokens returned by the /auth endpoint.
  1. Does the refresh token need to be submitted to the /auth/refresh endpoint before the auth token expires in order to receive a new auth token?
  2. I noticed that the auth token is valid for one day and the refresh token is valid for nine...which appears to be different than what the code specifies in the link that I have (see here).  Do I have the correct link?  If not, is there a link to the code for the REST API?
Many thanks in advance.
Regards,
CJD

David Barragán

Nov 30, 2021, 4:51:28 AM
to Cynthia Davis, taigaio
Hi Cynthia,

On Mon, Nov 29, 2021 at 3:22 PM Cynthia Davis <cjd...@uchicago.edu> wrote:
> I'm working on a script that interacts with the REST API and I had some questions about the auth and refresh tokens returned by the /auth endpoint.
>   1. Does the refresh token need to be submitted to the /auth/refresh endpoint before the auth token expires in order to receive a new auth token?

No, you can use the refresh token before or after the auth token has expired.

>   2. I noticed that the auth token is valid for one day and the refresh token is valid for nine...which appears to be different than what the code specifies in the link that I have (see here).  Do I have the correct link?  If not, is there a link to the code for the REST API?

The lifetime is set in the settings of the Taiga instance. For every Taiga server, default values are set here: https://github.com/kaleidos-ventures/taiga-back/blob/main/settings/common.py#L446. Currently, those values for the last Taiga version are:

  - ACCESS_TOKEN_LIFETIME: 24 hours
  - REFRESH_TOKEN_LIFETIME: 8 days

But each sysadmin can change it in their instance.

Best Regards

--
David Barragán Merino
Engineer & Co-founder 
kaleidos.net/FFF8E7

Cynthia Davis

Nov 30, 2021, 2:34:01 PM
to taigaio
Hello David,
Thanks for the quick reply!  I have a few follow-up clarifications/questions.

I'm currently scripting against the hosted Taiga REST API; we're using the online version.  I'm using the python-taiga module to make the calls.
When I send the refresh token to the /auth/refresh endpoint after the access token has expired, I get the following error:
taiga.exceptions.TaigaRestException: {"error": "Server application error"}
Is this due to the fact that I'm using the hosted version?

David Barragán

Dec 1, 2021, 3:15:08 AM
to Cynthia Davis, taigaio
No, Taiga uses exactly the same API that you are acting on, there's no limitation in this regard for third parties.

Maybe the call parameters are not appropriate. For example, remember that it is not necessary to pass the authentication code in the header to the refresh request.
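
The token handling discussed in this thread, as an added example that is not part of any post and is not Taiga's or python-taiga's code: it decides from the default lifetimes quoted above whether to reuse the auth token, refresh it, or log in again, and builds the refresh call with the refresh token as the only credential and no Authorization header. The `TokenPair` class, the `taiga.example` base URL, the `refresh` request field and the `auth_token`/`refresh` response fields are assumptions to check against your instance's API documentation.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Defaults quoted in the thread; a sysadmin may change them per instance.
ACCESS_TOKEN_LIFETIME = timedelta(hours=24)
REFRESH_TOKEN_LIFETIME = timedelta(days=8)


class TokenPair:
    """Hypothetical helper: one auth/refresh pair and its issue time."""

    def __init__(self, auth_token, refresh_token, issued_at):
        self.auth_token = auth_token
        self.refresh_token = refresh_token
        self.issued_at = issued_at

    def state(self, now):
        """Return 'valid', 'refresh' or 'login' for the given time."""
        age = now - self.issued_at
        if age < ACCESS_TOKEN_LIFETIME:
            return "valid"
        if age < REFRESH_TOKEN_LIFETIME:
            return "refresh"  # auth token expired, refresh token still usable
        return "login"        # both expired: authenticate again via /auth

    def build_refresh_request(self, base_url):
        """Build the POST to /auth/refresh without an Authorization header;
        the (possibly expired) auth token is deliberately not sent."""
        body = json.dumps({"refresh": self.refresh_token}).encode()  # assumed field
        return urllib.request.Request(
            base_url.rstrip("/") + "/auth/refresh",
            data=body,
            headers={"Content-Type": "application/json"},
            method="POST",
        )

    def apply_refresh_response(self, raw, now):
        """Store the new pair from the JSON response (assumed field names)."""
        data = json.loads(raw)
        self.auth_token = data["auth_token"]
        # Keep the old refresh token if the server did not return a new one.
        self.refresh_token = data.get("refresh", self.refresh_token)
        self.issued_at = now


if __name__ == "__main__":
    issued = datetime(2021, 11, 29, 15, 22, tzinfo=timezone.utc)  # constructed
    pair = TokenPair("constructed-auth-1", "constructed-refresh-1", issued)
    print(pair.state(issued + timedelta(hours=25)))  # refresh
    print(pair.build_refresh_request("https://taiga.example/api/v1").header_items())
```

Because the lifetimes are per-instance settings, a script should still treat an authentication failure on refresh as the signal to log in again rather than trusting the local clock alone.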


