Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refresh token #432

Closed
pawanvirsingh opened this issue Nov 29, 2016 · 7 comments
Closed

refresh token #432

pawanvirsingh opened this issue Nov 29, 2016 · 7 comments
Labels
question

Comments

@pawanvirsingh
Copy link

what is the inbuilt url for genrating acces_token from refresh token in this package.

how can i generate a fresh access token from my old refresh token is there any url available or i have to make it custom.
@jleclanche
Copy link
Member

See #351

@phillbaker
Copy link
Contributor

To clarify, a request to the generic tokens endpoint like (following the example):

curl -X POST -d "grant_type=refresh_token&client_id=<client_id>&refresh_token=<refresh_token>"  http://localhost:8000/o/token/

should return a new access token for apps created the public client type. For private client apps, the client id/secret will likely need to be provided in the basic auth header.

@joelranjithjebanesan7
Copy link

joelranjithjebanesan7 commented Jan 16, 2018
edited
Loading

this command shows invalid client error...anything else

@joelranjithjebanesan7
Copy link

joelranjithjebanesan7 commented Apr 9, 2018 via email

@sachin87
Copy link

sachin87 commented Feb 19, 2020
edited
Loading

@phillbaker @pawanvirsingh I am getting
{
"error": "invalid_grant"
}
in response, what's wrong with my request.

@oma0256
Copy link

oma0256 commented May 31, 2020

@sachin87 check to verify that you set your details correctly. For instance in my case my client_id was wrong.

@proteusvacuum
Copy link

You may have already solved this @sachin87 , but I came across this issue recently.
The

{ "error": "invalid_grant" }

message is returned if the refresh_token you are using has been revoked or previously used.

This message is raised in oauthlib here:

https://github.com/oauthlib/oauthlib/blob/d54965b86ce4ede956db70baff0b3d5e9182a007/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py#L113-L117

And is caused when django-oauth-toolkit returns False here:

django-oauth-toolkit/oauth2_provider/oauth2_validators.py

Lines 697 to 707 in 9d2aac2

null_or_recent = Q(revoked__isnull=True) | Q(
revoked__gt=timezone.now() - timedelta(seconds=oauth2_settings.REFRESH_TOKEN_GRACE_PERIOD_SECONDS)
)
rt = (
RefreshToken.objects.filter(null_or_recent, token=refresh_token)
.select_related("access_token")
.first()
)
if not rt:
return False

It's a bit of a confusing error message for that outcome.

@konsalex konsalex mentioned this issue Sep 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@phillbaker @proteusvacuum @jleclanche @sachin87 @pawanvirsingh @oma0256 @joelranjithjebanesan7