0 Replies Latest reply on Feb 13, 2020 10:46 AM by Ravi Desai

    Question about Refresh Tokens and Server Extracts in WDC

    Ravi Desai

      I am currently using Tableau Server and Desktop version 2019.4.2, and have a question about Web Data Connectors and Auth tokens.


      Our WDC requires OAuth2 / OIDC authentication to retrieve a bearer token in order to hit the endpoint that has the data we need.  We got all of this working - our WDC routes to our identity server, you can log in there, and you are redirected back to the WDC which collects the the bearer token, the refresh token, and the expiry date.  It bundles all this up into the a JSON-stringified, Base64 encoded biob, and places this in the tableau.password field.


      So far so good, the extract created can be published on a tableau server and the password blob is dutifully handed to the WDC whenever an extract is run.  However, eventually the bearer token expires.  When this happens, the WDC detects it (by examining the expiry date in the blob) and issues a refresh request to the identity server.  The result of that call is a new bearer token, new refresh token, and a new expiry date.  That is then re-blobbified (technical term) and dutifully placed back in the tableau.password field, so when the calls to retrieve the schema and data are made, it will do so using an updated token.


      The question is this:  Is there a process for updating the extract itself with the new password blob?  If the extract is not updated with the new blob, it will just send the original bearer token, refresh token, and expiry date, which would have the following bad effects:


      1) Once the original bearer token expires, every refresh for that extract would require a new refresh token to be generated

      2) Even if the above weren't a problem, this will eventually fail because the original refresh token will at some point also expire


      This could be avoided if the new password blob (produced as a result of using the refresh token to obtain a new bearer token) could be saved back into the extract for the next time it runs.  Unfortunately, I could not locate anything in the documentation that indicated what you could do to update the password field in this case.  Unless it is automatically happening just by virtue of setting the tableau.password field in the WDC whenever the bearer token is refreshed.