OAuth Login, how to know access token expired?

Hi,

I am trying OAuth login to connect to ERPNext from the mobile app. How do I know that the access token is expired?
When it is expired I get a permission error. If I didn't provide access to some doctype to a specific user, that time also I receive the same permission error (403 Forbidden).

How do we differentiate this?

  • store expiry and check before using token
  • use introspection endpoint

Thank you @revant_one

Hi @revant_one,

I am seeing all bearer tokens created on the OAuth Bearer Token showing active even after the expiry time. So, the introspection endpoint always returns active.

That needs to be fixed then. You can store the expiry and check that for now. Or check the exp claim from introspection.

Okay @revant_one
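
The two suggestions in this thread (store the expiry and check it before using the token; read the `exp` claim from introspection instead of trusting `active`), as an added Python example that is not part of the original posts. It assumes the token response carries the standard `expires_in` field and the introspection response the standard `exp` claim; `StoredToken`, `classify_403` and the 30-second skew are hypothetical names and values.

```python
import time
from dataclasses import dataclass
from typing import Optional

SKEW = 30  # seconds of tolerance for clock drift (assumed value)


@dataclass
class StoredToken:
    access_token: str
    expires_at: float  # absolute Unix time, computed when the token was issued

    @classmethod
    def from_token_response(cls, resp: dict, now: Optional[float] = None):
        # OAuth 2.0 token responses carry a relative lifetime in "expires_in".
        issued = time.time() if now is None else now
        return cls(resp["access_token"], issued + int(resp["expires_in"]))

    def is_expired(self, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        return now >= self.expires_at - SKEW


def expired_per_introspection(resp: dict, now: float) -> bool:
    # Prefer the "exp" claim over "active", since the thread reports
    # "active" staying true after the expiry time.
    if "exp" in resp:
        return now >= int(resp["exp"])
    return not resp.get("active", False)


def classify_403(token: StoredToken, now: float,
                 introspection: Optional[dict] = None) -> str:
    """Decide what a 403 means: 'token_expired' or 'permission_denied'."""
    if token.is_expired(now):
        return "token_expired"      # refresh, then retry the request
    if introspection is not None and expired_per_introspection(introspection, now):
        return "token_expired"
    return "permission_denied"      # token is still live: the user lacks access


# Constructed sample data, not real server output.
ISSUED_AT = 1_700_000_000
TOKEN = StoredToken.from_token_response(
    {"access_token": "constructed-token", "expires_in": 3600}, now=ISSUED_AT)
STALE_INTROSPECTION = {"active": True, "exp": ISSUED_AT + 3600}
```

On a 403, a `token_expired` result means refresh and retry; `permission_denied` means the token is valid and the user's role lacks access to that doctype.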