simple-oauth2

refresh() API does not work

Open pathikrit opened this issue 2 years ago • 4 comments

Context

  • node version: v19.4.0
  • module version with issue: v5.0.0
  • last module version without issue:
  • environment: node
  • any other relevant information:

What are you trying to achieve or the steps to reproduce?

accessToken.refresh() does not work. #420 was closed since it did not use the issue template. So recreating the issue with the template.

The following piece of code works fine:

const {ClientCredentials} = require('simple-oauth2')

async function test(client_id, client_secret) {
  const credentials = new ClientCredentials({
    client: {id: client_id, secret: client_secret},
    auth: {tokenHost: 'https://portal.getjoan.com', tokenPath: '/api/token/'}
  })
  let accessToken = await credentials.getToken()

  if (true || accessToken.expired()) {   // Emulate token expiry
    console.log('Refreshing expired token ....')
    accessToken = await credentials.getToken()
  }
  return accessToken
}

client_id='EIFZqijAtYH6DOkgBJV2pthRFHoSmQOq3niiJfoi'
client_secret='gRlHMs35NchXe5fkfFiYTyVMXD5PXaKLURPNtlIMLgJm3Pp8YzfrygjEuDjvGAukS1UfNTYHiI7cIX6za2sKvB9gu2HMdtzyNATqgstqo0FdDRUrFwxU6OVzhYvans6v'
test(client_id, client_secret).then(token => console.log(token))

However, if I change it to use the refresh API, it does not work:

if (true || accessToken.expired()) {   // Emulate token expiry
  console.log('Refreshing expired token ....')
  accessToken = await accessToken.refresh()
}

What was the result you got?

 throw new Boom.Boom(`Response Error: ${res.statusCode} ${res.statusMessage}`, { statusCode: res.statusCode, data });
              ^

Error: Response Error: 400 Bad Request
    at internals.Client._shortcut (/Users/pbhowmick/workspace/node-joan/node_modules/@hapi/wreck/lib/index.js:569:15)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Client.request (/Users/pbhowmick/workspace/node-joan/node_modules/simple-oauth2/lib/client/client.js:39:22)
    at async AccessToken.refresh (/Users/pbhowmick/workspace/node-joan/node_modules/simple-oauth2/lib/access-token.js:49:22) {

What result did you expect?

Not an error. This might be because the library is putting auth headers for the refresh request (see https://github.com/lelylan/simple-oauth2/issues/32) but https://github.com/lelylan/simple-oauth2/pull/54 was never merged.

pathikrit, Feb 02 '23 20:02

Also getting this error. Any workaround?

crisward, Feb 21 '23 11:02

I'm getting the same issue. It returns the content-type is not JSON compatible. Probably it cannot build the inner request properly.

sametcodes, Mar 06 '23 14:03

Hey @pathikrit. Did you try my suggestion at your previous issue? Did it work? If not, how is it failing?

This kind of issue is mostly a matter of configuration. Cannot suggest anything more specific, as it is highly dependent on the particular OAuth2 server provider and I do not have the time to dig into each specific provider's requirements.

For anyone else facing this issue, please open a new issue with the specific details of your issue. Just posting that you are having the same problem won't help at all, because again, most of the time it is a configuration change that is highly dependent on each provider.

jonathansamines, Mar 22 '23 03:03

Did you try my suggestion (https://github.com/lelylan/simple-oauth2/issues/420#issuecomment-1414073828) at your previous issue? Did it work? If not, how is it failing?

Still failing in the same way. As I said, the error is happening because I don't auth headers in the refresh request (see #32) and the fix in #54 was never merged.

pathikrit, Mar 25 '23 20:03

Just want to add one last piece of information. The client credentials grant type doesn't usually support token refresh; you'll need to get a new token for that particular grant type. This is noted in our docs:

Warning: Tokens obtained with the Client Credentials grant may not be refreshed. Fetch a new token when it's expired.

I'll close this issue. If you are still having issues, please open a new issue with a complete reproduction.

jonathansamines, Jun 18 '24 04:06
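
Added example (not part of the thread and not simple-oauth2's own code): a token provider that follows the closing advice by calling refresh() only when the token response actually carried a refresh_token, and otherwise requesting a new token with getToken(). RFC 6749 section 4.4.3 says a refresh token should not be included in a Client Credentials response, which is why refresh() has nothing to send for that grant. The names createTokenProvider, fakeClient and expiryWindowSec are hypothetical; the only library calls assumed are getToken(), expired(), refresh() and the .token property.

```javascript
// `client` is any grant object exposing getToken(params), for example the
// `new ClientCredentials(config)` instance built in the issue above.
function createTokenProvider(client, tokenParams = {}, expiryWindowSec = 30) {
  let current = null;   // last AccessToken handed back by the library
  let inFlight = null;  // shared promise so concurrent callers cause one request

  async function obtain() {
    // Refresh only if the server issued a refresh_token with the last token.
    if (current && current.token.refresh_token) {
      return current.refresh();
    }
    // Client Credentials case: no refresh_token, so repeat the grant itself.
    return client.getToken(tokenParams);
  }

  return async function getValidToken() {
    // Renew slightly early so a token does not expire while a request is in transit.
    if (current && !current.expired(expiryWindowSec)) return current;
    if (!inFlight) {
      inFlight = obtain()
        .then((token) => { current = token; return token; })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}

// Constructed stand-in for the library's client and AccessToken (offline runs only).
function fakeClient({ withRefreshToken = false, lifetimeSec = 0 } = {}) {
  const calls = { getToken: 0, refresh: 0 };
  const make = (n) => ({
    token: { access_token: `tok-${n}`, ...(withRefreshToken && { refresh_token: 'r' }) },
    expired: () => lifetimeSec <= 0,
    refresh: async () => { calls.refresh += 1; return make(n + 1); },
  });
  return {
    calls,
    getToken: async () => { calls.getToken += 1; return make(calls.getToken); },
  };
}
```

With the real library, pass the ClientCredentials instance as `client` and call the returned function before each API request.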