Python API: check if authentication is still valid

Hi everyone :slight_smile:

I wrote a python script using the official python wrapper for the asana API. Authentication and all the others things i planed to do are working very well, but when my token expires after 60 minutes I struggle to detect that. Is there a method to check if authentication is still valid?
client.session.authorized
Seems not to be updated when the 60 minutes expire.

Thanks a lot and have a nice day!
Jakob

2 Likes

Hey @Jakob_Developer!

Good question. It looks like our library uses requests-oauthlib, who’s docs are here: OAuth 2 Workflow — Requests-OAuthlib 1.3.1 documentation

I think the best solution is the third option, automatic refreshing. With our lib in it’s current state, you should be able to do it with something like this:

asana.Client(session.AsanaOAuth2Session(
  client_secret="super_secret", 
  token={'access_token': accessToken},
  auto_refresh_url=refresh_url,
  token_updater=token_saver
))

Warning: The above code is psudocode, I haven’t tested that these are the right params in the right place.

This looks like something we will add to the client library in the future, as having you deal with the refresh logic can be a pain.

In the mean time, if you’d rather just get up and running asap. You can use the try except logic of the first or second options in the link.

1 Like

Hi @Ross_Grambo just checking, I take it the library hasn’t been updated yet to add the refresh logic? I’m struggling with this myself.

Cheers,

Peter B

1 Like

Sorry @Peter_Bowmar, I haven’t prioritized this yet. I would review a PR if you get it working in the meantime.

1 Like

I was able to get this working using the following code (I’m having a little trouble w/formatting):

token[‘expires_in’] = -10
client = asana.Client.oauth(
client_id = CLIENT_ID,
client_secret = CLIENT_SECRET,
token = token,
auto_refresh_url = TOKEN_EXCHANGE_URL,
auto_refresh_kwargs = {
‘client_id’: CLIENT_ID,
‘client_secret’: CLIENT_SECRET,
‘redirect_uri’: REDIRECT_URI
},
redirect_uri = REDIRECT_URI,
token_updater = token_updater,
)

I try that with a token generated from a previous session. If the token doesn’t exist, then I prompt the user to authorize the app and save the token for subsequent sessions.

You need to pass the auto_refresh_kwargs so that requests_oauthlib makes the correct POST request to https://app.asana.com/-/oauth_token.

It’s also important to note that your code has to keep track of the token’s moment of expiration and change token[‘expires_in’] accordingly. The auto refresh is only triggered when that value is negative.

This took me a long time to figure out! Hopefully it helps someone!

2 Likes

I am right now struggling with this. Why is this not part of the python library yet? This should be HIGH priority since many backend applications will need this. I can’t believe this is not implemented yet :roll_eyes:

1 Like

Hi asana devs, can this be documented better or you can just give a code snippet?

Do you have to invoke some library function for the auto refresh or just set the token[‘expires_in’] of the “token” variable in the code to -10 with a scheduled function that does this, say, every 3500 seconds?

Bump.

Still no success with getting a refresh, token, see also my post here:

I would really appreciate some support :slight_smile: