I'm trying to utilise the refresh_token functionality on my nodejs backend but am not having any luck.
I haven't found any documentation for its use and there is no JS library function for it, so I've tried to do it myself based on details in this post:
So just trying it from the command line using: curl --trace - https://api.particle.io/oauth/token -d grant_type=refresh_token -d refresh_token='BLAHBLAHFAKEBLAHBLAH'
I get a 400 back from the Particle cloud with this message: {"error":"invalid_client","error_description":"Invalid or missing client_id parameter"}
Has anyone figured this one out yet, or know where there's other documenation?
The refresh token is essentially unusable. You need to supply the client ID and secret, which makes it basically the same as a new grant, so there’s really no reason to use the refresh token.
Just create a non-expiring access token, or create a new token, instead.
Ahhhh… I did see that the oAuth spec called for the client id and secret in this message but thought it surely wouldn’t be necessary as it didn’t make sense from a security POV.