
invalid refresh token should be invalid_grant instead of invalid_toke…

…n error
commit bf31a1f47a1ea57d9d9372dee229aaac65ce9e2d 1 parent 7c702ad
@stoicflame stoicflame authored dsyer committed
7 ...main/java/org/springframework/security/oauth2/provider/token/RandomValueOAuth2ProviderTokenServices.java
@@ -21,6 +21,7 @@
import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.ClientAuthenticationToken;
@@ -142,18 +143,18 @@ public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication)
public OAuth2AccessToken refreshAccessToken(RefreshTokenDetails tokenDetails) throws AuthenticationException {
String refreshTokenValue = tokenDetails.getRefreshToken();
if (!isSupportRefreshToken()) {
- throw new InvalidTokenException("Invalid refresh token: " + refreshTokenValue);
+ throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
}
removeAccessTokenUsingRefreshToken(refreshTokenValue); //clear out any access tokens already associated with the refresh token.
ExpiringOAuth2RefreshToken refreshToken = readRefreshToken(refreshTokenValue);
if (refreshToken == null) {
- throw new InvalidTokenException("Invalid refresh token: " + refreshTokenValue);
+ throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
}
else if (isExpired(refreshToken)) {
removeRefreshToken(refreshTokenValue);
- throw new InvalidTokenException("Invalid refresh token: " + refreshToken);
+ throw new InvalidGrantException("Invalid refresh token: " + refreshToken);
}
OAuth2Authentication authentication = createRefreshedAuthentication(readAuthentication(refreshToken), tokenDetails.getScope());
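Review bot: All three new `InvalidGrantException` throws in `refreshAccessToken` still append the presented credential to the message: `refreshTokenValue` in the first two branches, and the `refreshToken` object itself in the expired branch. If the exception message is surfaced to the client as the OAuth2 error description or written to server logs (neither is visible in this hunk), the refresh token value is copied into places that are not meant to hold bearer credentials. I would drop the value and use a fixed message, `throw new InvalidGrantException("Invalid refresh token");`, in all three places. The expired branch also relies on the token object's `toString()`, so its output may differ from the other two branches. The body of `refreshAccessToken` continues outside the hunk.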