Make SDK - Connection - Refresh Token - How to handle

How can I develop an App using Make Apps SDK (integromat.com) that:

  1. Sets a token (used in the header) and the expiration date
  2. After it reaches the expiration date, gets a new token and sets the new expiration

I tried this example for the Communication (api.imljson)

{
    
    "token": {
        "url": "https://example.com/credential/generate_token",
        "method": "POST",
        "body": {
            "email": "example@example.com.br",
            "publickey": "example-public-key",
            "apikey": "example-public-key"
        },
        "type": "urlencoded",
        "response": {
            "data": {
                "expires": "{{ parseDate(body.data.token_valid_until, 'YYYY-MM-DD HH:mm:ss', environment.timezone) }}",
                "token": "{{body.data.token}}"
            }
        },
        "log": {
            /**
            "sanitize": [
                "request.body.email",
                "request.body.publickey",
                "response.body.token"
            ]
             */
        }
    },
    "refresh": {
        "condition": "{{data.expires < addMinutes(now, 1)}}",
        "url": "https://example/credential/generate_token",
        "method": "POST",
        "body": {
            "email": "example@example.com.br",
            "publickey": "example-public-key",
            "apikey": "example-public-key"
        },
        "type": "urlencoded",
        "response": {
            "data": {
                "expires": "{{ parseDate(body.data.token_valid_until, environment.timezone) }}",
                "token": "{{body.data.token}}"
            }
        },
        "log": {
            /**
            "sanitize": [
                "request.body.email",
                "request.body.publickey",
                "response.body.token"
            ]
             */
        }
    }
}

The response from POST https://example.com/credential/generate_token is:

{
    "success": true,
    "data": {
        "token": "eyJhbGciOiJIUzI1NiIsInR55uZWN0dGhpbmsuY29tLmJyIn19.jOKS0mrcg6w+A7L//YdU=",
        "token_valid_until": "2022-08-24 20:54:18"
    },
    "profile": {
        "start": 1661381657.959692,
        "finish": 1661381658.055,
        "process": 0.09530806541442871
    }
}

Hi @AndyDaSilva52 ,
can you explain a bit more what you are trying to achieve? If you want to quickly validate your idea, you can try an already working solution. There is an Auth0 integration in Make; you can try the refresh token renewal with Auth0 > Make an API call. You can learn more about refresh tokens here: Refresh Tokens

  1. I'm trying to develop an app using the SDK, like I said in the beginning:

  2. This specific API works with a token that is obtained from, for example:

    POST https://example/credential/generate_token
    with 3 parameters in the request body encoded (email, publickey, apikey)

  3. One example of response is:

    {
        "success": true,
        "data": {
            "token": "eyJhbGciOiJIUzI1NiIsInR55uZWN0dGhpbmsuY29tLmJyIn19.jOKS0mrcg6w+A7L//YdU=",
            "token_valid_until": "2022-08-24 20:54:18"
        },
        "profile": {
            "start": 1661381657.959692,
            "finish": 1661381658.055,
            "process": 0.09530806541442871
        }
    }
    
  4. So, after the time in the property data.token_valid_until has passed, I have to get a new token using the same

    POST https://example/credential/generate_token

This token I will use in the headers in all endpoints of this API.

What I need is similar to the OAuth 2.0 explained in the docs from the SDK:

The link you shared seems to have the concept I need, but my question is how to implement this using the Make SDK. Do you know what I'm missing?

To achieve what you want you need a refresh token in addition to the access token. When your access token expires, it can only be renewed using the refresh token. So, your API would have to support two actions:

  1. generate a fresh pair of access + refresh tokens
  2. generate a new access token by using the saved refresh token

I am not sure if this is supported by the Make SDK - the documentation explicitly mentions a manual renewal:

When the expires period is overdue, the connection needs to be reauthorized manually

The challenge is to know the timezone for "token_valid_until": "2022-08-24 20:54:18"

So, with the help from the Support Team from Make, they recommended using a JWT Decoder at data.token

The code

api-auth.imljson

{
    "token": {
        "condition": "{{if(data.token, data.expires < addMinutes(now, 1), true)}}",
        "url": "https://api2.eduzz.com/credential/generate_token",
        "method": "POST",
        "body": {
            "email": "{{ parameters.eduzz_email }}",
            "publickey": "{{ parameters.eduzz_publicKey }}",
            "apikey": "{{ parameters.eduzz_apiKey }}"
        },
        "type": "urlencoded",
        "response": {
            "data": {
                "expires": "{{ addSeconds(now, get(decodeJWT(body.data.token), 'payload.exp')) }}",
                "token": "{{body.data.token}}"
            }
        },
        "log": {
            "sanitize": [
                "request.body.email",
                "request.body.publickey",
                "response.body.token"
            ]
        }
    },
    "refresh": {
        "condition": "{{if(data.token, data.expires < addMinutes(now, 1), true)}}",
        "url": "https://api2.eduzz.com/credential/generate_token",
        "method": "POST",
        "body": {
            "email": "{{ parameters.eduzz_email }}",
            "publickey": "{{ parameters.eduzz_publicKey }}",
            "apikey": "{{ parameters.eduzz_apiKey }}"
        },
        "type": "urlencoded",
        "response": {
            "data": {
                "expires": "{{ addSeconds(now, get(decodeJWT(body.data.token), 'payload.exp')) }}",
                "token": "{{body.data.token}}"
            }
        },
        "log": {
            "sanitize": [
                "request.body.email",
                "request.body.publickey",
                "response.body.token"
            ]
        }
    },
    "info": {
        "url": "https://api2.eduzz.com/user/get_me",
        "method": "GET",
        "headers": {
            "token": "{{connection.token}}"
        },
        "response": {
            "metadata": {
                "value": "{{body.data[0].email}}",
                "type": "text"
            }
        },
        "log": {
            "sanitize": [
                "request.headers.token"
            ]
        }
    }
}

code.js for decodeJWT

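// Custom IML function: split a JWT and decode its header and payload.
// The signature is returned as-is and is NOT verified; this only reads claims such as exp.
function decodeJWT(t) {
    const [header, payload, sig] = t.split(".");
    return {
        // Node's 'base64' decoder also accepts the URL-safe alphabet that JWTs use.
        "header": JSON.parse(Buffer.from(header, 'base64').toString()),
        "payload": JSON.parse(Buffer.from(payload, 'base64').toString()),
        "sig": sig
    };
}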
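
The expiry check from the solution above as plain JavaScript, added here as an example and not code from the thread or from Make: it reads `exp` as an RFC 7519 NumericDate (absolute seconds since the Unix epoch, so no timezone guess is needed) and applies the same one-minute renewal margin as the `condition`. It assumes the API's `exp` follows RFC 7519; `jwtExpiry`, `needsRefresh` and `makeSampleToken` are hypothetical names, and the sample token is constructed.

```javascript
// Added example. Decodes claims only; the signature is not verified, which is
// acceptable for reading the expiry of a token just received from the issuer
// over TLS, but never for trusting a token presented by someone else.

// Decode one base64url JWT segment into an object.
function decodeSegment(seg) {
    if (!/^[A-Za-z0-9_-]+$/.test(seg)) throw new Error('segment is not base64url');
    const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the token's expiry as a Date (exp is absolute UTC seconds).
function jwtExpiry(token) {
    const parts = String(token).split('.');
    if (parts.length !== 3) throw new Error('expected header.payload.signature');
    const payload = decodeSegment(parts[1]);
    if (!Number.isFinite(payload.exp)) throw new Error('payload has no numeric exp');
    return new Date(payload.exp * 1000);
}

// Same rule as the thread's condition: renew when there is no token or it
// expires within skewSeconds. An unreadable token is treated as expired.
function needsRefresh(token, now, skewSeconds = 60) {
    if (!token) return true;
    let expires;
    try {
        expires = jwtExpiry(token);
    } catch (e) {
        return true;
    }
    return expires.getTime() < now.getTime() + skewSeconds * 1000;
}

// Build a constructed sample token with a placeholder signature.
function makeSampleToken(exp) {
    const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
        .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ exp })}.c2ln`;
}

// Constructed value: exp 1661385258 is 2022-08-24T23:54:18Z.
const sample = makeSampleToken(1661385258);
console.log(jwtExpiry(sample).toISOString());
console.log(needsRefresh(sample, new Date('2022-08-24T23:53:30Z')));
```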

Thanks so much for stepping back into the community and sharing the solution with us @AndyDaSilva52 :pray: Greatly appreciated!