OAuth - Authentication and Authorization

What are the expiration times of the OAuth codes and tokens?

Authorization Code = 7 min

Access Token = 86400 seconds, or 24 hours 

Refresh Token = never expires unless exchanged for a new Access Token (since you will get a new Refresh Token with it).


Authorization Code - granted after authorizing the client application with Digikey.com login credentials; used to receive an Access Token.

Access Token - used to make requests

Refresh Token - used when the Access Token has expired. Submit the Refresh Token to receive a valid Access Token.

Error during "Getting your Authentication Code" process

During the authorization process a password form is presented (URL: sso.digikey.com). In this form, use the credentials for your My Digi-Key account.

If you do not have a My Digi-Key account, it can be created here: https://www.digikey.com/MyDigiKey/Register

If you do not know your My Digi-Key account credentials or username, they can be reset or found here: https://www.digikey.com/MyDigiKey/login

When does the Refresh Token expire?

The Refresh Token never expires unless exchanged for a new Access Token (since you will get a new Refresh Token with it).

The Refresh Token will be invalidated if the registered application's client id or client secret is reset.

As long as the client id and client secret have not been reset, and you have the most recent Refresh Token, it can be exchanged for a new Access Token.
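
The rotation rule above as an added example (not Digi-Key's code): a token store that reuses the Access Token until shortly before its 24-hour expiry, then exchanges the Refresh Token and persists the new pair so the most recent Refresh Token is never lost. The `exchange` callable, the file path and JSON layout, the 60-second margin and `FakeTokenEndpoint` are assumptions; the response field names are those of the standard OAuth 2.0 token response.

```python
import json, os, tempfile, time

ACCESS_TOKEN_TTL = 86400  # seconds (24 hours), the lifetime stated above
SKEW = 60                 # assumed safety margin before expiry

class TokenStore:
    """Keeps the current token pair on disk (path and JSON layout are assumptions)."""

    def __init__(self, path, exchange, now=time.time):
        # exchange: hypothetical callable that sends a refresh token to the
        # token endpoint and returns the parsed JSON response as a dict.
        self.path, self.exchange, self.now = path, exchange, now

    def save(self, state):
        # mkstemp creates the file owner-only (0600); os.replace swaps it in
        # atomically, so a crash never leaves a half-written token file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(state, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def access_token(self):
        with open(self.path) as f:
            state = json.load(f)
        if self.now() < state["expires_at"] - SKEW:
            return state["access_token"]      # still valid, no exchange needed
        resp = self.exchange(state["refresh_token"])
        # The exchange retires the old refresh token: persist the new pair
        # before handing the access token to the caller.
        self.save({"access_token": resp["access_token"],
                   "refresh_token": resp["refresh_token"],
                   "expires_at": self.now() + resp.get("expires_in", ACCESS_TOKEN_TTL)})
        return resp["access_token"]

class FakeTokenEndpoint:
    """Constructed stand-in for the real endpoint: rotates on every exchange."""

    def __init__(self, first_refresh_token):
        self.current, self.count = first_refresh_token, 0

    def __call__(self, refresh_token):
        if refresh_token != self.current:
            raise PermissionError("refresh token is not the most recent one")
        self.count += 1
        self.current = f"rt-{self.count}"
        return {"access_token": f"at-{self.count}", "refresh_token": self.current,
                "expires_in": ACCESS_TOKEN_TTL}
```

If several processes share one token file, serialize calls to `access_token()` with a lock, since two concurrent exchanges of the same Refresh Token leave one caller holding a stale token.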

Do I need to use OAuth? May I have a permanent token instead?

Digi-Key has found that implementing OAuth 2.0 is the simplest way to be mutually assured of a user's identity and the user's permitted access to our APIs. Because sensitive information is exposed by our APIs, Digi-Key will only allow access to clients authenticated via OAuth 2.0. Digi-Key strictly uses the three-legged OAuth flow.

Digi-Key will not permit access via permanent access tokens or via any other similarly less secure process.

How do I reset my application client secret?

Your application client secret is stored encrypted, so we cannot retrieve the unencrypted value to tell you if you forget it.

You can reset it, which will update the stored value and return the new value to you.

To do that, click 'Apps' in the main menu, click the application in question, and then click the 'Reset' link in the 'Client Secret' section.

Your new secret will be displayed at the top of the page.
