question

Upvotes
Accepted
27 8 16 21

Implementation of ERT : questions about token

Hi,


We are currently adapting our product to be able to use the Refinitiv Real-Time - Optimized.

We have the rrt_optimized.pdf and thanks to it we manage to do some stuff.

However, we have several questions about it :


  • Refresh_token : is it submitted to expiration (like access_token) ?


We see that there is an expiration for access_token, Is there any expiration for the refresh_token ?


  • Refresh_token : is there a renewal of the token (or not ?)


“Before expires_in is reached, the application is required to request a new <access_token> from the Refinitiv Data Platform gateway with

the previously received refresh_token, username, client_id, grant_type, and possibly takeExclusiveSignOn. The Refinitiv

Data Platform gateway responds with a new access_token, expires_in, and refresh_token.”


And in the OAuth 2.0 RFC RFC6749 it is specified that the refresh_token renewal is optional. So basically the Refinitiv Data Platform activates this renewal of the refresh_token, can you confirm ?


  • Access_token : invalid token

In the RFC mentioned before we can see the following :

“Refresh tokens are issued to the client by the authorization server and are
   used to obtain a new access token when the current access token
   becomes invalid or expires

How can we know when an access_token is invalid ? Is there any specific error sent ? In which case can I get invalid token ? Scope change, etc. ?


  • We will the refresh access_token proactively (before expiration of the token) to keep the datafeed without any break. Do you see any issue with this approach ?


Thanks,

treprdp-apiwebsocketsrrtorefinitiv-realtime-optimised
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvote
Accepted
24.7k 64 15 21

Hi @Henri.GARDON,

Your questions are not clear.

Refresh_token : is it submitted to expiration (like access_token) ?

Refresh token is used to invoke Refresh Grant, when the Access token expires. Upon successful refresh, a new set of Access and Refresh tokens will be provided to client.

Is there any expiration for the refresh_token ?

In theory, Refresh tokens for streaming data should not expire, but in reality they do. So an application should handle exception conditions and use Password Grant to renew. See this answer for more information.

We will the refresh access_token proactively (before expiration of the token) to keep the datafeed without any break. Do you see any issue with this approach ?

No, there are no issues in this approach, and you can see a sample implementation of this approach in the python service discovery sample here.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
27 8 16 21

Hi Gurpreet,

Thank you for the update, it helps a lot.

Also do you know if there is a documentation with all the error codes ? To know for each one what we need to do.



icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hello @Henri.GARDON

We do not have a document yet, but you can find an example of error codes and how to handle each error in the RDP Python example code (get_sts_token and query_service_discovery functions). The full RDP examples are on this page.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.