Can't create new auth token for customers created with no_password flag

I’m trying to get back into a project I’ve had shelved for some time. I have a mobile app that has its own customers/users and we create a shadow user on the Particle side using the no_password flag so that we get an access_token for that customer. We can then bind them to devices, send msgs to devices etc.

I have some old test customers who have invalid access tokens. The refresh tokens are also invalid as they have a short lifespan also. I tried posting to the /oauth/token endpoint with grant_type of password and just passing the username of the customer. Unfortunately that fails b/c I am not supplying a password. If I supply a password with a blank field, same result. If I supply a bogus password I get an invalid credentials response.

How do you obtain an access token for a customer created with the no_password flag set as true??

  • Use the https://api.particle.io/oauth/token endpoint
  • Add the oAuth client ID and client secret as the Basic authentication

In POST request body set:

  • grant_type to client_credentials
  • scope to customer= and the customer email (or other string) you set when you first created the customer.

This will allow you to create a token for any customer at any time.

Great, thanks for that! I couldn’t find that in the docs anywhere! I’ll give it a try.

Another question… since I’m using the shadow customer approach… is there any reason I can’t just create a new access token on each request vs having to deal with handling expired tokens? What’s the conventional wisdom here for the shadow customer approach and tokens?

It depends on how often you’d be creating new tokens. The rate limits for creating tokens is:

  • Maximum of 100 requests every 5 minutes
  • Limited by source IP address (public IP address)

In general, the best option is to create a new token instead of trying to use the refresh token, which is difficult to use and doesn’t work in all situations, though it should work for shadow customers.

If you are creating a lot of new tokens be sure to reduce the validity period so you don’t end up with an excessively large number of unused but not expired tokens. The default is 90 days which is probably too long if you’re not saving the tokens.

I do currently persist the token. I guess I can try to see if the current token is valid using the (Cloud API reference | Reference Documentation | Particle) endpoint, then just generate a new one if not and persist that vs creating a token on each request. Thx for the additional info.