Insomnia: [Improvement] Authenticate again if refresh token has expired
- Insomnia Version: 5.15.0
- Operating System: Arch Linux
Details
Hi there!
When the access token expires, Insomnia tries to use the refresh token to get a fresh access token. But, if the refresh token has expired as well, the backend will throw an exception and will not send a fresh access token. In order to solve this issue, I have to clear the expired refresh/access token to allow Insomnia to authenticate again and fetch new refresh and access tokens.
If I have lots of requests with expired refresh tokens, I have to expend some time clearing and authenticating all over again.
Would be possible to add a checkbox near the refresh token, or in the advanced options, to indicate that if the refresh token is expired, Insomnia shall send a fresh authentication request to fetch new tokens? This should be optional, since the developer may want to test expired refresh token.
Best regards,
Rafael Pacheco.
rafaelrenanpacheco
All 6 comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 4 Jun 2018
I think this feature request would improve Insomnia usability a lot. We have our backend microservices all using OAuth2, and usually our team have to clear the token to get a new fresh authentication, because the refresh token was already expired. This happens a lot because the refresh token has a 2 week lifetime, and since we have lots os microservices, it's very frequent to test some API that has an expired refresh token.
rafaelrenanpacheco
on 4 Jun 2018
Agreed. This should be done 馃槃
gschier
on 4 Jun 2018
Any news on this one? Would love to see this feature
jagmit
on 10 Jul 2018
I would love to see this feature. Clearing the tokens became a natural action for us, because everyday we face lots of expired refresh tokens.
PS: Since OAuth2 doesn't impose expiration time on refresh tokens, the Insomnia behavior could be something like If access token has expired and the refresh token didn't work for 'some' reason, I'll reauthenticate from the beginning just once, so you can test your API happily.
rafaelrenanpacheco
on 28 Dec 2018
This is not working for me.
I have two OAuth2 Requests. When I send one after the other it is working fine, token and refresh token are set. Now when I'm clicking on "refresh token" (or wait until token expired) and try to use the other request, the refresh token and access token are of course expired.
So when I send the request, authentication is invalid.
Now I need to manually clear the token to perform the new request.
Maybe it would make sense to sync the refresh token and access token between OAuth2 Requests with the same Access Token URL and Grant Type.
tobi6112
on 12 Aug 2019
Related issues
slashsbin
路
4Comments
rootext
路
3Comments
wimdecorte
路
3Comments
isobit
路
3Comments
oliverjanik
路
3Comments
Most helpful comment
Agreed. This should be done 馃槃