Reputation: 51
I'm trying to refresh the access token (based on https://docs.wso2.com/display/IS510/Refresh+Token+Grant) obtained from WSO2 Identity Server; the server returns an invalid grant type response
{
  "error": "invalid_grant",
  "error_description": "Provided Authorization Grant is invalid"
}
The access token is obtained using the "authorization code" grant type with the openid scope.
I've turned on the logging on the server; however, I'm not able to determine the reason for the invalid grant type response. How can I get the WSO2 Identity Server to refresh my access token using the refresh token?
Logs from the server:
TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} - Access Token request received for Client ID CHao3ZYUVY6tRX4jJ82yzh4NVpka, User ID null, Scope : [openid] and Grant Type : refresh_token
TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler} - Can authenticate with client ID and Secret. Client ID: CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler} - Grant type : refresh_token Strict client validation set to : null
TID: [-1234] [] [2016-03-14 09:20:11,242] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Client credentials were fetched from the database.
TID: [-1234] [] [2016-03-14 09:20:11,242] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Successfully authenticated the client with client id : CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,243] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Client credentials were added to the cache for client id : CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,245] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler} - Invalid Refresh Token provided for Client with Client Id : CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,245] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - Invalid Grant provided by the client Id: CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,246] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - OAuth-Error-Code=invalid_grant client-id=CHao3ZYUVY6tRX4jJ82yzh4NVpka grant-type=refresh_token scope=openid
Upvotes: 5
Views: 5293
Reputation: 616
Question is old... Hopefully it can help someone else after this long ;).
I had the same issue. However, I resolved it by specifying the exact refresh token. It's worth noting that refresh_token is different from the access token. If you don't have/know your refresh_token, use this curl command to get it.
curl -k -d "grant_type=password&username=<username>&password=<password>" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
The response will be like this:
{
  "scope": "default",
  "token_type": "Bearer",
  "expires_in": 2604,
  "refresh_token": "7d6e9047d44a84e6bae7e80e3996182d",
  "access_token": "4255a34923eb464b6dc2983acffef4d8"
}
Then use that refresh_token in your renew token curl call.
More details on the 1st curl request here
Peace out .V.
Upvotes: 2
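The refresh call the answer describes, as an added example that is not part of the original post or of WSO2's code: it builds the refresh_token grant request from the stored refresh_token (never the access token) and interprets the token endpoint's reply, including the invalid_grant error from the question. The client id and secret, the function names and the sample replies are assumptions, and no request is sent.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed sample: the two token values from the response shown in the answer.
STORED = {"refresh_token": "7d6e9047d44a84e6bae7e80e3996182d",
          "access_token": "4255a34923eb464b6dc2983acffef4d8"}

# Meaning of token endpoint error codes (RFC 6749, section 5.2).
ERROR_HINTS = {
    "invalid_grant": "refresh token is wrong, expired, revoked or was issued "
                     "to another client; run the authorization flow again",
    "invalid_client": "client authentication failed; check client id and secret",
    "unauthorized_client": "this client is not allowed to use the refresh_token grant",
}


def build_refresh_request(stored, client_id, client_secret, scope=None):
    """Return (headers, form_body) for a refresh_token grant (RFC 6749, section 6)."""
    refresh_token = stored.get("refresh_token")
    if not refresh_token:
        raise ValueError("no refresh_token stored; the access token cannot stand in for it")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if scope:
        form["scope"] = scope  # must not exceed the originally granted scope
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode(form)


def apply_token_reply(stored, status, body):
    """Merge a successful reply into the stored tokens, or raise with a diagnosis."""
    reply = json.loads(body)
    if status != 200 or "error" in reply:
        code = reply.get("error", "unknown")
        hint = ERROR_HINTS.get(code, reply.get("error_description", ""))
        raise RuntimeError(f"{code}: {hint}")
    # The server may rotate the refresh token: a returned one replaces the old
    # one, and if none is returned the stored one is kept.
    return {**stored, **reply}


if __name__ == "__main__":
    # Hypothetical client credentials, for illustration only.
    headers, body = build_refresh_request(STORED, "example-client", "example-secret", "openid")
    print(body)
```
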