Score:2

Should post requests revoke my access token when using Simple Oauth?


I'm using Simple Oauth (4.x) in a headless application, which is working well. However, I have noticed that when doing a post request, my access token is revoked, and the next post request will have to refresh the token before making another call. Is this the intended behaviour? I can't find anything in the documentation to suggest it is, but I assume it's there for some security reason.

If it is: how can I avoid it so that the access token doesn't need to be refreshed unless it has expired? In our application there is the possibility of multiple post requests happening in quick succession, which causes all sorts of problems and ends up with the user being logged out.

Other than dealing with it on the frontend (debounce etc.), is there anything I can do on the backend to make multiple post requests use the same access token without refreshing?

Thanks!

I'm using 5.2.0 and getting tokens revoked only after 403 requests. The logs show `League\OAuth2\Server\Exception\OAuthServerException: The resource owner or authorization server denied the request. in League\OAuth2\Server\Exception\OAuthServerException::accessDenied() (line 243 of ~/vendor/league/oauth2-server/src/Exception/OAuthServerException.php).` Did you find any solution or source of the issue?