This topic describes the methods used to obtain or refresh an access token.
You can obtain an access token in multiple ways based on the application type. For more information, see Application overview.
All methods described in this topic are used to obtain an access token. Before you call them, specify the api_endpoint parameter when you construct the client.
const client = new PDSClient({
  api_endpoint: `https://${domain_id}.api.aliyunpds.com`
})
The options parameter, of the IPDSRequestConfig type, wraps the request config options of axios. For more information, see AxiosRequestConfig.
getUserJwtToken
Obtains an access token when you access Drive and Photo Service from a JSON Web Token (JWT) application.
First, you must create a JWT application in the Drive and Photo Service console, configure a public key for the application, and then obtain the private key. Then, use the ID and private key of the JWT application to obtain an access token.
Note: This method is supported only in the Node.js environment.
const result = await client.getUserJwtToken(params, options)
Sample code
const domain_id = 'Your domain ID'
const client_id = 'Your JWT application ID'
const private_key_pem = 'Your private key' // The private key string in the PEM format.
const user_id = 'The ID of the user for which you want to obtain an access token'
const client = new PDSClient({
  api_endpoint: `https://${domain_id}.api.aliyunpds.com`
})
const params = {
  domain_id,
  client_id,
  private_key_pem,
  user_id,
  auto_create: false, // Specifies whether to automatically create a user if the specified user does not exist.
}
const jwtToken = await client.getUserJwtToken(params)
Request parameters
Parameter | Type | Required | Description |
params | IGetUserJwtTokenReq | Yes | The parameters. |
options | IPDSRequestConfig | | Other optional configurations. |
IGetUserJwtTokenReq
Parameter | Type | Required | Description |
client_id | string | Yes | The JWT application ID. |
private_key_pem | string | Yes | The private key string in the Privacy Enhanced Mail (PEM) format. |
domain_id | string | Yes | The domain ID. |
user_id | string | Yes | The unique ID of the user. You must make sure that the user ID is unique in the specified domain. |
auto_create | boolean | | Specifies whether to automatically create a user if the specified user does not exist. If an initial drive is configured in the domain, an initial drive is automatically created for the user when the user is automatically created. Default value: false. |
Response parameters
Parameter | Type | Required | Description |
result | ITokenInfo | Yes | The information about the access token that represents the identity of the user. |
ITokenInfo
Parameter | Type | Required | Description |
access_token | string | Yes | The |
refresh_token | string | | The |
expire_time | string | | The expiration time of the |
expires_in | string | | The validity period of the |
token_type | string | | The type of the |
user_id | string | | The unique ID of the current user. |
role | string | | The role that is assumed by the current user. |
Other parameters | For more information, see Token. |
Sample code of ITokenInfo
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cC******AKBkbYjejHYX3d42VzSZ70",
  "refresh_token": "a5a1ebadaba6*****27f4122",
  "expires_in": 7200,
  "token_type": "Bearer",
  "user_id": "4b14efc*****6f63740",
  "user_name": "User 1",
  "avatar": "",
  "nick_name": "User 1",
  "default_drive_id": "1",
  "role": "user",
  "status": "enabled",
  "expire_time": "2022-02-16T07:59:14Z",
  "is_first_login": false,
  "domain_id": "daily21453"
}
getServiceJwtToken
Obtains an access token for the service account of a domain. The obtained access token has super administrator permissions and is used for O&M management operations.
Note: This method is supported only in the Node.js environment.
const result = await client.getServiceJwtToken(params, options)
Sample code
const domain_id = 'Your domain ID'
const client_id = 'Your JWT application ID'
const private_key_pem = 'Your private key' // The private key string in the PEM format.
const client = new PDSClient({
  api_endpoint: `https://${domain_id}.api.aliyunpds.com`
})
const params = {
  domain_id,
  client_id,
  private_key_pem,
}
const jwtToken = await client.getServiceJwtToken(params)
Request parameters
Parameter | Type | Required | Description |
params | IGetServiceJwtTokenReq | Yes | The parameters. |
options | IPDSRequestConfig | | Other optional configurations. |
IGetServiceJwtTokenReq
Parameter | Type | Required | Description |
client_id | string | Yes | The JWT application ID. |
private_key_pem | string | Yes | The private key string in the PEM format. |
domain_id | string | Yes | The domain ID. |
Response parameters
Parameter | Type | Required | Description |
result | ITokenInfo | Yes | The information about the access token that represents the super administrator identity of the service account of the domain. |
refreshJwtToken
Refreshes an access token that is obtained when you access Drive and Photo Service from a JWT application.
An access token is valid for 2 hours, and a refresh token is valid for seven days.
During the validity period of a refresh token, you can call this method to refresh an access token regardless of whether the access token has expired.
After you refresh the access token, a new access token is returned and the old access token becomes invalid.
const result = await client.refreshJwtToken(params, options)
Sample code
const domain_id = 'Your domain ID'
const client_id = 'Your JWT application ID'
const client = new PDSClient({
  api_endpoint: `https://${domain_id}.api.aliyunpds.com`
})
const params = {
  client_id,
  refresh_token: 'xxxxxxx',
}
const jwtToken = await client.refreshJwtToken(params)
Request parameters
Parameter | Type | Required | Description |
params | IRefreshJwtTokenReq | Yes | The parameters. |
options | IPDSRequestConfig | | Other optional configurations. |
IRefreshJwtTokenReq
Parameter | Type | Required | Description |
client_id | string | Yes | The JWT application ID. |
refresh_token | string | Yes | The refresh token that is used to refresh the access token that has expired. |
Response parameters
Parameter | Type | Required | Description |
result | ITokenInfo | Yes | The information about the updated access token. |
getTokenByCode
Obtains an access token by using the one-off authorization code that is obtained in the OAuth access process.
For more information about the OAuth access process, see the OAuth 2.0 access for web server applications section of the "OAuth 2.0 For Web Server Applications" topic.
const result = await client.getTokenByCode(params, options)
Sample code
const domain_id = 'Your domain ID'
const client_id = 'Your OAuth application ID'
const client_secret = 'Your OAuth application secret'
const redirect_uri = 'The callback URL of your OAuth application'
const client = new PDSClient({
  api_endpoint: `https://${domain_id}.api.aliyunpds.com`
});
const params = {
  client_id,
  client_secret,
  redirect_uri,
  code: 'xxxxxxx', // The one-off authorization code that is obtained in the OAuth access process.
};
const token = await client.getTokenByCode(params)
Request parameters
Parameter | Type | Required | Description |
params | IGetTokenByCodeReq | Yes | The parameters. |
options | IPDSRequestConfig | | Other optional configurations. |
IGetTokenByCodeReq
Parameter | Type | Required | Description |
client_id | string | Yes | The OAuth application ID. |
client_secret | string | | The OAuth application secret. This parameter must be specified if the application type is webserver. |
redirect_url | string | Yes | The callback URL of the OAuth application. |
code | string | Yes | The one-off authorization code that is obtained in the OAuth access process. |
Response parameters
Parameter | Type | Required | Description |
result | ITokenInfo | Yes | The information about the access token that represents the identity of the user. |
refreshToken
Refreshes an access token that is obtained in the OAuth access process.
An access token is valid for 2 hours, and a refresh token is valid for seven days.
During the validity period of a refresh token, you can call this method to refresh an access token regardless of whether the access token has expired.
After you refresh the access token, a new access token is returned and the old access token becomes invalid.
const result = await client.refreshToken(params, options)
Sample code
const domain_id = 'Your domain ID'
const client_id = 'Your OAuth application ID'
const client_secret = 'Your OAuth application secret'
const redirect_uri = 'The callback URL of your OAuth application'
const client = new PDSClient({
  api_endpoint: `https://${domain_id}.api.aliyunpds.com`
})
const params = {
  client_id,
  client_secret,
  redirect_uri,
  refresh_token: 'xxxxxxx'
}
const token = await client.refreshToken(params)
Request parameters
Parameter | Type | Required | Description |
params | IRefreshTokenReq | Yes | The parameters. |
options | IPDSRequestConfig | | Other optional configurations. |
IRefreshTokenReq
Parameter | Type | Required | Description |
client_id | string | Yes | The OAuth application ID. |
client_secret | string | | The OAuth application secret. This parameter must be specified if the application type is webserver. |
redirect_url | string | Yes | The callback URL of the OAuth application. |
refresh_token | string | Yes | The refresh token that is used to refresh the access token that has expired. |
Response parameters
Parameter | Type | Required | Description |
result | ITokenInfo | Yes | The information about the updated access token. |
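The lifetime rules stated for refreshJwtToken and refreshToken (2-hour access token, seven-day refresh token, old access token invalidated by a refresh) call for a cache in which concurrent callers share one renewal. The following is an added example, not code from the SDK or this page: TokenCache, obtain, refresh, SKEW_MS and the injected clock are hypothetical names, and the code assumes that each response carries a refresh token valid for seven days from that response.

```javascript
// Added example (not SDK code). `obtain` and `refresh` are hypothetical
// caller-supplied async functions that return an ITokenInfo-shaped object, e.g.
//   obtain:  () => client.getUserJwtToken(params)
//   refresh: (rt) => client.refreshJwtToken({ client_id, refresh_token: rt })
const REFRESH_TOKEN_TTL_MS = 7 * 24 * 60 * 60 * 1000 // refresh token lifetime stated on this page
const SKEW_MS = 60 * 1000 // assumed safety margin before expire_time

class TokenCache {
  constructor({ obtain, refresh, now = () => Date.now() }) {
    this.obtain = obtain
    this.refresh = refresh
    this.now = now
    this.info = null      // last ITokenInfo received
    this.receivedAt = 0   // when this.info was received (ms)
    this.inflight = null  // pending renewal shared by concurrent callers
  }

  // The access token is usable while now + margin is before expire_time.
  isFresh() {
    return this.info !== null &&
      this.now() + SKEW_MS < Date.parse(this.info.expire_time)
  }

  // Assumption: a refresh token is valid for seven days from the response that carried it.
  canRefresh() {
    return this.info !== null && Boolean(this.info.refresh_token) &&
      this.now() - this.receivedAt < REFRESH_TOKEN_TTL_MS
  }

  async getAccessToken() {
    if (this.isFresh()) return this.info.access_token
    // A refresh invalidates the old access token, so concurrent callers must
    // share one renewal instead of each rotating the token.
    if (!this.inflight) {
      this.inflight = this.renew().finally(() => { this.inflight = null })
    }
    return this.inflight
  }

  async renew() {
    const info = this.canRefresh()
      ? await this.refresh(this.info.refresh_token)
      : await this.obtain()
    if (!info || !info.access_token || Number.isNaN(Date.parse(info.expire_time))) {
      throw new Error('token response is missing access_token or expire_time')
    }
    this.info = info
    this.receivedAt = this.now()
    return info.access_token
  }
}
```

Keep one TokenCache per identity and request every access token through getAccessToken(), so that no caller holds a copy that a later refresh has invalidated.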