OAuth2 token request with refresh token failed

[margaretha]

OAuth2 token request with refresh token returns

{"error_description":"Refresh token is expired","error":"invalid_grant"}

because the value of expiry_date in the oauth2_refresh_token table is identical to that of created_date .

The issue was reported by @notesjor

[margaretha]

Expiry date of refresh token can now be customized in client registration . This feature requires an additional database column refresh_token_expiry in the oauth2_client table.

For older clients, the values of refresh_token_expiry is set to 0, which makes the expiry_date of their refresh token identical to the created_date of the refresh tokens.

[margaretha]

refresh_token_expiry allows KorAP OAuth2 clients to define how long refresh tokens should last, according to its purposes.

refresh_token_expiry=0 has been updated to 31536000 that is equivalent to 1 year.

@notesjor could you please check again if the request works for you?

[margaretha]

The request has been tested and it works as expected.