Expired refresh_token should return invalid_grant error #112

Closed
xmedeko opened this issue Mar 11, 2019 · 1 comment

xmedeko commented Mar 11, 2019

When a refresh token has expired, authlib replies with a 400 invalid_request error: Invalid "refresh_token" in request. However, 400 invalid_grant should be returned, see https://tools.ietf.org/html/rfc6749#section-5.2:

The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, ...

xmedeko changed the title from "Expired refresh_token should return 401 invalid_grant error" to "Expired refresh_token should return invalid_grant error" Mar 11, 2019
lepture added the bug label Mar 18, 2019

voidpp commented Sep 15, 2020

Please reopen this, because this commit 2073312#diff-84c27a20f97ed96d8d4492c281c17436 spoiled the fix

lepture reopened this Sep 17, 2020
coopfeathy added a commit to coopfeathy/authlib-django that referenced this issue Dec 11, 2022
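
The error-code distinction this issue asks for, as an added example that is not Authlib's code and not part of the original thread: per RFC 6749 section 5.2, a missing parameter is `invalid_request`, while an unknown, expired, revoked or wrong-client refresh token is `invalid_grant`. The token store, its field names and the function names are assumptions made for illustration.

```python
import time

# Constructed sample store; field names are assumptions, not Authlib's model.
TOKENS = {
    "rt-valid":   {"client_id": "app1", "expires_at": 2_000_000_000, "revoked": False},
    "rt-expired": {"client_id": "app1", "expires_at": 1_000_000_000, "revoked": False},
    "rt-revoked": {"client_id": "app1", "expires_at": 2_000_000_000, "revoked": True},
}


def oauth_error(code, description):
    """Build an RFC 6749 section 5.2 error response: HTTP 400 plus a JSON body."""
    return 400, {"error": code, "error_description": description}


def validate_refresh_request(params, client_id, now=None, store=TOKENS):
    """Return (200, token_record) if the refresh token is usable, else an error."""
    now = time.time() if now is None else now
    value = params.get("refresh_token")
    # Malformed request: the required parameter is absent or empty.
    if not value:
        return oauth_error("invalid_request", 'Missing "refresh_token" in request.')
    record = store.get(value)
    # From here on the request is well formed but carries an unusable grant,
    # so the client must obtain a new authorization instead of retrying.
    if record is None:
        return oauth_error("invalid_grant", "Unknown refresh token.")
    if record["client_id"] != client_id:
        return oauth_error("invalid_grant", "Refresh token was issued to another client.")
    if record["revoked"]:
        return oauth_error("invalid_grant", "Refresh token has been revoked.")
    if record["expires_at"] <= now:
        return oauth_error("invalid_grant", "Refresh token has expired.")
    return 200, record


if __name__ == "__main__":
    # Fixed clock so the constructed expiry values give a stable result.
    for token in (None, "rt-expired", "rt-revoked", "rt-unknown", "rt-valid"):
        status, body = validate_refresh_request(
            {"refresh_token": token}, "app1", now=1_700_000_000
        )
        print(token, status, body.get("error", "ok"))
```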