Kurak

Reputation: 86

AuthenticationTokenReceiveContext can't access token value in Owin.Security / Identity Framework upon token refresh

In a .NET project with Identity Framework I can't renew tokens, even though I can generate one. The exception is as follows:

[ArgumentNullException: Value cannot be null.
Parameter name: token]
   Microsoft.Owin.Security.Infrastructure.AuthenticationTokenReceiveContext..ctor(IOwinContext context, ISecureDataFormat`1 secureDataFormat, String token) +136
   Microsoft.Owin.Security.OAuth.<InvokeTokenEndpointRefreshTokenGrantAsync>d__44.MoveNext() +158
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
   Microsoft.Owin.Security.OAuth.<InvokeTokenEndpointAsync>d__1e.MoveNext() +2159

Due to this exception, the debugger won't even step into the token refreshing function:

    public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
    {
        var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

        string hashedTokenId = Helper.GetHash(context.Token);

        using (AuthRepository _repo = new AuthRepository())
        {
            var refreshToken = await _repo.FindRefreshToken(hashedTokenId);

            if (refreshToken != null)
            {
                // Get protectedTicket from refreshToken class
                context.DeserializeTicket(refreshToken.ProtectedTicket);
                var result = await _repo.RemoveRefreshToken(hashedTokenId);
            }
        }
    }

I'm debugging using Postman, and the request posted contains a proper token, which isn't detected in the request body, nor in the request header.

The Katana dev team has marked this as a bug: http://katanaproject.codeplex.com/workitem/480 but also stated that no updates are coming.

The same codebase runs on a remote server: http://ngauthenticationweb.azurewebsites.net/

The complete project in which this can be reproduced is available at: https://github.com/tjoudeh/AngularJSAuthentication

How could I force token into the context, to prevent the exception?

Upvotes: 2

Views: 1559

Answers (2)

LookingForTheAnswer

Reputation: 21

You need to include the authorization header in Postman, so the system knows the user is authorized to refresh the token.


Upvotes: 0

ruanzx

Reputation: 1

Could you check the grant_type and client_id in Postman? The grant_type should be 'password'.

Sample: username=abcd&password=abc@123&grant_type=password&client_id=c4b2f91dbe014b558d7fa00ca54ed33d

Upvotes: 0
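
The stack trace in the question shows the refresh-token grant handler passing a null token to the AuthenticationTokenReceiveContext constructor, which is consistent with the token endpoint finding no refresh_token field in the posted form. The following is an added example, not code from the original post or from the Katana project: a small OWIN middleware that answers such requests with a 400 instead of an unhandled exception. UseRefreshGrantGuard, Validate and the tokenPath parameter are hypothetical names, and the sketch assumes the form is posted as application/x-www-form-urlencoded.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Added example (hypothetical helper, not part of Katana or the linked project).
public static class RefreshGrantGuard
{
    // Register in Startup before UseOAuthAuthorizationServer.
    // tokenPath must match OAuthAuthorizationServerOptions.TokenEndpointPath.
    public static IAppBuilder UseRefreshGrantGuard(this IAppBuilder app, string tokenPath)
    {
        var path = new PathString(tokenPath);
        return app.Use(async (context, next) =>
        {
            if (context.Request.Path.Equals(path) &&
                string.Equals(context.Request.Method, "POST", StringComparison.OrdinalIgnoreCase))
            {
                // ReadFormAsync caches the parsed form in the OWIN environment,
                // so the OAuth middleware later in the pipeline still sees it.
                IFormCollection form = await context.Request.ReadFormAsync();
                string error = Validate(form.Get("grant_type"), form.Get("refresh_token"));
                if (error != null)
                {
                    // Error response in the shape RFC 6749 section 5.2 describes.
                    context.Response.StatusCode = 400;
                    context.Response.ContentType = "application/json;charset=UTF-8";
                    context.Response.Headers.Set("Cache-Control", "no-store");
                    await context.Response.WriteAsync(
                        "{\"error\":\"invalid_request\",\"error_description\":\"" + error + "\"}");
                    return; // short-circuit: the OAuth middleware never sees the request
                }
            }
            await next();
        });
    }

    // Returns an error description, or null when the request may proceed.
    public static string Validate(string grantType, string refreshToken)
    {
        if (!string.Equals(grantType, "refresh_token", StringComparison.Ordinal))
            return null; // other grant types are left to the OAuth middleware
        return string.IsNullOrWhiteSpace(refreshToken)
            ? "refresh_token is required when grant_type=refresh_token"
            : null;
    }
}
```

A 400 from this guard while testing in Postman means the refresh_token field never arrived as a URL-encoded form field, for example because the body was sent as JSON or the field name was misspelled.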
