HP Proactive Insights

Refresh Existing OAUTH2 Token Example - Python


# About this Python Sample App

This sample app is a very simple Python application that does the following:

  1. Refreshes an existing token stored on the file system in a json file using its refresh_token.

There are comments in the code that describe high-level what is happening.

You can copy the sample code below. Ensure that you install the referenced imported packages that are not part of the standard library.


# How to Run

  1. Install the requirements with:

    pip install requests

  2. Run the Sample App with:

    python example_refresh_token.py

Problems Running the Code?

If you have any problems running the code then reach out to us in our Community Forum.


Sample Code

import requests
import json
import base64


# Insert your own info here as you defined when you created your APP
# Note that in a real app you would not want to hard-code these values
# Instead you would want to import them from the environment or even use
# a more secure solution like a keystore.
CLIENT_ID = "your-client-id"
CLIENT_SECRET = "your-client-secret"
REDIRECT_URI = "http://127.0.0.1:5000/"
STATE = "yourstatestring"  # note that in a true production app you would use state to protect against cross site attacks
DOMAIN = 'daas.api.hp.com' # use eu hostname if you are in EU


def refresh_token():
    '''refresh existing token for a new one'''

    with open('creds.json', 'r') as f:
        creds = json.load(f)

    refresh_token = creds['refresh_token']

    base64_encoded_clientid_clientsecret = base64.b64encode(str.encode(f'{CLIENT_ID}:{CLIENT_SECRET}'))  # concatenate with : and encode in base64
    base64_encoded_clientid_clientsecret = base64_encoded_clientid_clientsecret.decode('ascii')  # turn bytes object into ascii string

    base_url = f'https://{DOMAIN}'
    url = f"{base_url}/oauth/v1/token"
    headers = {
        'Content-Type': "application/x-www-form-urlencoded",
        'Authorization': f'Basic {base64_encoded_clientid_clientsecret}'
        }

    data = {'grant_type': 'refresh_token',
            'redirect_uri': REDIRECT_URI,
            'refresh_token': refresh_token
            }

    r = requests.post(url, headers=headers, data=data)
    response = r.json()

    if response.get('access_token'):
        # don't store creds in plaintext in a real app obviously
        with open('creds.json', 'w') as f:
            json.dump(response, f, indent=4)
    else:
        print('There was an error refreshing your access token')
        print(r.text)


if __name__ == '__main__':
    refresh_token()  # refresh an existing token (we are assuming you have one stored in creds.json)