Reply   |   Start a new discussion topic
Developer Forum » Invalid Access Token
Started by Private User on 2/15/2015
Displaying all 3 messages
Private User
2/15/2015 at 15:21
The Access Token I get from a request to https://www.geni.com/platform/oauth/request_token and `grant_type` = 'client_credentials' refuses to be recognized by other Geni endpoints. I am basing myself on the application flow. Nothing seems to resolve the issue while the token seems to be valid at first. It had not expired either because I get an `expires_in` of 3600 seconds.

Any thoughts on how to resolve this issue? I tried sending along client id, key and secret but nothing helps. The access token is passed along using the 'access_token' parameter.
Paul Ellenbogen
7/22/2015 at 14:33
I also have this issue. It is strange, because calls to https://www.geni.com/platform/oauth/validate_token return {"result":"OK"}
Paulo Pinto
6/14/2016 at 16:52
The Client Credentials grant is used when the Client (your application) is also the Resource Owner (the owner of the data that it needs access to).
If you are trying to access user data, such as private user profiles, your application does not own those private profiles so the access token will not work for those resources (I assume that's what's happening).

In order for your application to get access to private user profiles, you'll need to use the Authorization Code grant (on Geni, they call it the Server side flow: https://www.geni.com/platform/developer/help/oauth_server_side?version=1).
This is a 2 step process where your application first asks for a code on the authorization end point:

https://www.geni.com/platform/oauth/authorize?client_id=YOUR_APP_KEY&redirect_uri=YOUR_URL

then, if the user grants access to their private data, your application needs to exchange that code for an access token:

https://www.geni.com/platform/oauth/request_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE

With this access token, your application now has access to that user's private profiles.

Hope this helps.
rails-1a-010