question

kirank avatar image
kirank asked David Marginian commented

OAuth 2.0: Refresh token

Hi,

This question has been asked before. Can we please have a refresh token in the OAUTH flow?

Here are the reasons we are needing it:

1. Refresh token is to keep merchants operations smooth.

2. Clover has newly introduced Ecommerce APIs. Its difficult to make use of those at enterprise grade without automatic renewal of access code.

3. Specifically imagine a single merchant forgetting to manually renew the Oauth of an app and that app's backend is using Ecommerce APIs to accept payments (Developer Pay replacement) then that single merchant will loose his business.


OAuth
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered David Marginian edited

Yes, I would like to see us supporting refresh tokens as well. We do have an internal issue to support this but I cannot provide you with an ETA.

For #3, your application can work-around this. For example, when the merchant logs in to your application, you can make a simple REST call and if you receive a 401 you can redirect the merchant through the OAuth flow again. I understand this isn't ideal but it avoids the merchant from having to lose business as you suggested and it isn't terribly difficult to implement.

4 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@David Marginian - Thanks much. Just adding more +1s for the refresh token request.

For #3, yes its a workaround potentially doable - but has a many edge conditions. For example, this assumes merchant (specifically owner) logs into the app every day. In our usage owner logs in occasionally perhaps a few times a week.


Please note that loss of business was restricted before as apps could do less in bulk before the ecommerce API. With E Commerce API being enabled, it allows easy subscription models. You can imagine it exposes more areas where this becomes a problem.

We looked at many OAuth providers. Everyone provides a refresh_token.


1 Like 1 ·

Unfortunately, the only way around this is to securely store the token (which was an assumption of my previous post).

0 Likes 0 ·

thanks for the answer. is there any way to track development status on this?

0 Likes 0 ·

No, there is not. I am watching the issue and haven't seen a lot of movement.

0 Likes 0 ·
jmalone30 avatar image
jmalone30 answered David Marginian commented

Any progress on this?

I am developing an app that allows a 3rd-party app to communicate with Clover. After the first time the merchant configures my app, there is no need to visit my app ever again, if the merchant chooses. So it is impossible to enforce the manual oauth process after the original API Token expires.

The only thing I can think of is to generate an email notification to visit the app, which seems a bit awkward.

1 comment
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

No, there has been no progress.

0 Likes 0 ·
ggior32 avatar image
ggior32 answered David Marginian commented

It has been close to a year since the last update, has there been any progress on this? We run a web service and are going to start running into hundreds of MID's needing manual refreshes. The current solution of manually prompting the user through the Oauth flow is a pretty awkward solution.

1 comment
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Unfortunately, we don't have any updates on this.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community