Cannot refresh OAuth tokens

[soundasleep]

I'm having an issue with trying to refresh an OAuth access token with a refresh token.

access_token = "3a308bb52491..."
refresh_token = "40df8ab0de80..."

c = Coinbase::Wallet::OAuthClient.new(access_token: access_token, refresh_token: refresh_token)
#<Coinbase::Wallet::OAuthClient:0x0000000fb6a990 ...>

c.refresh!
*** Coinbase::Wallet::APIError Exception: The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.

Any ideas?

(Does the OAuthClient require the Client ID and Client Secret at all?)

[sds]

Hey @soundasleep, I'm not able to reproduce this locally.

Can you confirm that what you're observing still happens on the latest version of the gem? (4.2.0 at time of writing) Thanks!

[soundasleep]

Hello, thank you for getting back to me!

I've started from scratch, and it seems that it might be from the access token/refresh token expiring, somehow. This flow works with the OAuth2 ruby gem:

    oauth2_client = OAuth2::Client.new(client_id, client_secret, {
      site:          "https://www.coinbase.com",
      token_url:     "/oauth/token",
      authorize_url: "/oauth/authorize",
    })

    auth_url = oauth2_client.auth_code.authorize_url({
      redirect_uri: "https://localhost.openclerk.org:3000/welcome/continue_coinbase2",
      scope:        "wallet:accounts:read,wallet:addresses:read,wallet:user:read",
    })

    redirect_to auth_url

Which then redirects the user to the callback with the code to create the token:

    code = params[:code]

    token = oauth2_client.auth_code.get_token(code, {
      redirect_uri: "https://localhost.openclerk.org:3000/welcome/continue_coinbase2",
    })

And then as long as you immediately store this access token and refresh token, you can refresh the coinbase wallet as much as you need.

    access_token = token.token
    refresh_token = token.refresh_token

    coinbase = Coinbase::Wallet::OAuthClient.new({
      access_token: access_token, 
      refresh_token: refresh_token,
    })
    coinbase.refresh! # works!

But if you try to reuse the access token or refresh token, you get that (not very helpful error):

    # using the old tokens again!
    coinbase = Coinbase::Wallet::OAuthClient.new({
      access_token: access_token, 
      refresh_token: refresh_token,
    })
    coinbase.refresh!
    # *** Coinbase::Wallet::APIError Exception: The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.

I'm going to keep on trying and see if the issue pops up again.

[sds]

Hey @soundasleep, thanks for providing detailed information on the behavior you're observing.

I am not on the team that maintains our APIs, but my guess here is that this is a security feature. Upon refresh, it would make sense to revoke old access tokens, even if they haven't technically expired. I don't believe this is covered in the OAuth 2 spec, but may be an improvement we've implemented on our side.

Thanks again for the detailed response!

[mchalise]

The first time it's working but later it says
Coinbase::Wallet::APIError: The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.

[sds]

Hey @mchalise, as was already pointed out, make sure you use the new access token returned when you refresh the token. The old token will cease to work the moment you refresh.