All geek questions in one place

Refresh token returns invalid grant type

I am trying to update an access token (based on https://docs.wso2.com/display/IS510/Refresh+Token+Grant ) received from the wso2 authentication server; the server returns an incorrect grant type response

{ "error": "invalid_grant", "error_description": "Provided Authorization Grant is invalid" }

An access token is obtained using the grant type "authorization code" with an openid scope.

I turned on logging on the server; however, I cannot determine the cause of the incorrect grant type response. How can I get WSO2 Identity Server to update an access token using an update token?

Logs from the server:

TID: [-1234] [] [2016-03-14 09: 20: 11,241] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} - request access token received for client identifier CHao3ZYUVY6tRX4jJ82yzh4NVpka, user ID null, Scope Applications: [openid] and Grant Type: refresh_token

TID: [-1234] [] [2016-03-14 09: 20: 11,241] DEBUG {} Org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler - Can be authenticated using client identifier and privacy . Client ID: CHao3ZYUVY6tRX4jJ82yzh4NVpka TID: [-1234] [] [2016-03-14 09: 20: 11,241] DEBUG {} Org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler_Grant type: client check set to: null

TID: [-1234] [] [2016-03-14 09: 20: 11,242] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Client credentials were obtained from the database. TID: [-1234] [] [2016-03-14 09: 20: 11,242] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - successfully authenticated the client with the client ID: CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09: 20: 11,243] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Client credentials were added to the cache for client ID: CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09: 20: 11,245] DEBUG {} Org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler - Invalid update token for a client with a client identifier: CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09: 20: 11,245] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - Invalid Grant provided by client Id: CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09: 20: 11,246] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - OAuth-Error-Code = invalid_grant client-id = CHao3ZYUVY6tRX4jJ82yzh4NVpka grant -type = refresh_token scope = openid

+5
source share
2 answers

The question is old ... I hope it can help someone else after that for a long time;). I had the same problem. However, I solved this by specifying the exact refresh token . It is worth noting that refresh_token is different from access token . If you don't know / don't know your refresh_token , use this curl command to get it.

 curl -k -d "grant_type=password&username=<username>&password=<password>" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
Answer

will be like this: { "scope": "default", "token_type": "Bearer", "expires_in": 2604, "refresh_token": "7d6e9047d44a84e6bae7e80e3996182d", "access_token": "4255a34923eb464b6dc2983acffef4d8" }

then use refresh_token in your renew local token call. more information about 1st curl request here Worlds. IN.

+2
source

Please check out this blog , which explains the cURL command and its contents. I hope this blog will solve your problem.

0
source

Source: https://habr.com/ru/post/1244988/

More articles:


All Articles