Twice I had my python programs failing because the access_token was changed. Updating tot the new access_token fixed the problem.
The problem is that I don’t know when/how/why the access_token was changed. I certainly didn’t do it manually in Build.
What I have done is put the Spark on another wifi network. Does that change the access_token? I wouldn’t hope so.
Right now the access token changes when you hit the login endpoint on the api, and this endpoint is also hit by the build site and the mobile apps – (if you login / logout). We have a task on our roadmap to correctly support multiple oauth clients and access tokens which should make those tokens a bit more stable. Personally I have my code login each time and use a fresh access token when possible, but that won’t be necessary later on.
Are we talking about the "Access Token" which is shown in the spark.io "Settings" screen? That token was established when I first registered my core and I have never reset it. I've logged in and logged out dozens of times, reset my core, changed access points, etc., and it has never changed. I use python scripts and a REST client with that token embedded and have never had a problem.
My understanding is that the Access Token (see below) would only change if it was Reset (or perhaps if the core is re-claimed.)
@dorth I believe it is actually reset when you log in with the mobile app (iPhone/Android), but not from the web IDE. basically a new auth token is created every time you request one, and the mobile apps request one as part of login.
Sorry about any confusion, Zach is right. Essentially the mobile apps and your own apps hitting the api can request an access token by sending a POST to “/oauth/token” that looks something like:
That request causes the previous token to be invalidated, and a new one granted. Logging into the build site doesn’t cause the token to be invalidated because it’s special, and we recognized that would be really inconvenient. Down the road - the mobile apps, the build site, and your own custom apps will all get different client specific access tokens, so this won’t be an issue. For my code I “log in” using this POST method to make sure I always have a current token. Hope that helps.
I think you’re right in that it’s not well documented yet, but it certainly will be! I suspect we were waiting until the auth endpoints were a bit more well rounded, and we had some nice tools for managing clients / tokens.
This happened to me yesterday and I thought I was going mad! The access token reset. Glad to see its ‘a feature’ rather than a bug, but some more documentation would be great to clear up confusion.