Re-auth on HTTP Error 401¶
When you create a long running service (daemon), you want authentication to be refreshed automatically, without having to intervene manually. A typical example is a service that will post values to Obelisk, or a service that continually processes values from Obelisk.
In this step by step guide we are assuming a service that acts on its own behalf.
Steps to follow¶
Beginning at the start, you want your service to start its initial authenticaton/authorization with Obelisk. This is a 2-phase protocol that requires an Auth Token to get the eventual RPT token that is required to talk to the Obelisk APIs.
Get Auth Token¶
Get RPT Token¶
To get the RPT token, you simply follow step 2 of the Auth details section. The access_token mentioned there, is the Auth Token acquired in our previous step. Now store the received RPT token and its refresh_token plus the refresh_expires_in time. You will need it later.
Do API request¶
Response code 401¶
If you encounter an HTTP response code 401, this means that your RPT token expired. This is normal, as RPT tokens only have a lifetime of a few minutes by design. In this case you should check the expiration time of the refresh token (which is in seconds!) that we acquired in the Get RPT Token step. There are two possible outcomes.
A. RPT refresh_token NOT expired¶
If the refresh_token is not expired yet, you can simply refresh the RPT token, by following the procedure explained in step 4 of the Auth details section. Don't forget to save your new tokens. You should now be able to call the Obelisk APIs again. Until the next 401.
B. RPT refresh_token IS expired¶
If the refresh_token is expired, than the easiest approach is to redo the auth procedure from the start. The reasoning for this is that it is highly likely that your original Auth Token is also expired by now, as is the Auth Token's refresh_token. The more pagmatic option here is to immediatly restart the auth procedure to get a new RPT token as fast as possible.