AppAuth-iOS

access token refresh with refresh token

Open benpallen opened this issue 6 years ago • 8 comments

I try to refresh an expired access token using the "performActionWithFreshTokens" method in OIDAuthState. I currently use the 1.0.0 beta version of AppAuth. I have the same issue on the 0.0.95 version too.

When I call the method, I get the following response from the Keycloak server:

```
{ "error": "invalid_grant", "error_description": "Refresh token expired" }
```

But the problem is that the completion handler is not getting called for the "dataTaskWithRequest" method in OIDAuthorizationService (Line: 292):

```
NSURLSession *session = [OIDURLSessionProvider session];
[[session dataTaskWithRequest:URLRequest completionHandler:^(NSData *_Nullable data, NSURLResponse *_Nullable response, NSError *_Nullable error) {
```

benpallen Jan 18 '19 14:01

I think I need some more info here. If the completion handler on the token refresh isn't being called, how do you know what the error message is for the token refresh?

Can you provide some more detailed logs? Define _APPAUTHTRACE and AppAuth will output more logs.

WilliamDenniss Mar 12 '19 18:03

I am also encountering this issue. Pod- AppAuth 0.95.0

Code excerpt (if that helps): Code_OIDC signin flow.txt

I can easily reproduce by:

  1. Open app
  2. Sign in
  3. Save OIDServiceConfiguration and OIDAuthState to db (encrypted)
  4. Close app
  5. Wait till access token expiry time has elapsed
  6. Open app
  7. Read in OIDServiceConfiguration and OIDAuthState from db
  8. Send request using performActionWithFreshTokens:

AppAuth logging:

```
2019-03-18 17:08:08.213799-0400 ...[15392:411979] Token Request: https://.../oauth2/token
Headers:{ "Content-Type" = "application/x-www-form-urlencoded; charset=UTF-8"; }
HTTPBody: refresh_token=ddb15ee3-9556-3997-a9a8-125f0f7371d8&client_id=klYTntXLIruu8MnVpyesCS7kXtIa&grant_type=refresh_token

2019-03-18 17:08:08.848909-0400 ...[15392:412045] Token Response: HTTP Status 400 HTTPBody: {"error_description":"Persisted access token data not found","error":"invalid_grant"}
```

chcsdickerson Mar 18 '19 22:03

I think this is caused by SFSafariViewController not retaining my IdP's cookie (containing client's IdP session id) over restarting app.

UPDATE

Never mind my ramblings. Turns out my problem was I hadn't saved the refreshed tokens, so I attempted to refresh tokens with an already-used refresh token.

Thank you to all the contributors of AppAuth. Appreciate all your hard work.

chcsdickerson Mar 18 '19 22:03
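
The fix described in the comment above (saving the refreshed tokens so a rotated refresh token is never reused), as an added example that is not code from this thread or from the AppAuth project. `AuthStateStore`, the Keychain service name and the use of the Keychain for storage are assumptions; the AppAuth pieces used are `stateChangeDelegate` and `didChangeState:`.

```objective-c
#import <AppAuth/AppAuth.h>
#import <Security/Security.h>

// Hypothetical helper (not part of AppAuth): rewrites the stored OIDAuthState
// every time AppAuth reports a change, so the next launch loads current tokens.
@interface AuthStateStore : NSObject <OIDAuthStateChangeDelegate>
@property(nonatomic, strong, nullable) OIDAuthState *authState;
@end

static NSString *const kService = @"com.example.app.authstate";  // assumed name

@implementation AuthStateStore

- (NSDictionary *)baseQuery {
  return @{ (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
            (__bridge id)kSecAttrService : kService };
}

// Call once at launch, before the first performActionWithFreshTokens: call.
- (void)load {
  NSMutableDictionary *query = [[self baseQuery] mutableCopy];
  query[(__bridge id)kSecReturnData] = @YES;
  CFTypeRef result = NULL;
  if (SecItemCopyMatching((__bridge CFDictionaryRef)query, &result) != errSecSuccess) return;
  NSData *data = CFBridgingRelease(result);
  self.authState = [NSKeyedUnarchiver unarchivedObjectOfClass:[OIDAuthState class]
                                                     fromData:data
                                                        error:NULL];
  // The delegate is not part of the archive, so it must be set again here.
  self.authState.stateChangeDelegate = self;
}

// Called by AppAuth when the state changes, which includes a token refresh
// that returned new tokens. Persist immediately, before the app can be killed.
- (void)didChangeState:(OIDAuthState *)state {
  NSData *data = [NSKeyedArchiver archivedDataWithRootObject:state
                                       requiringSecureCoding:YES
                                                       error:NULL];
  if (!data) return;
  SecItemDelete((__bridge CFDictionaryRef)[self baseQuery]);
  NSMutableDictionary *item = [[self baseQuery] mutableCopy];
  item[(__bridge id)kSecValueData] = data;
  item[(__bridge id)kSecAttrAccessible] =
      (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
  SecItemAdd((__bridge CFDictionaryRef)item, NULL);
}

@end
```

After sign-in, assign the new `OIDAuthState` to `authState`, set its `stateChangeDelegate` to the store, and call `didChangeState:` once so the initial tokens are stored too.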

@chcsdickerson So this issue can be closed?

markusfassbender Apr 17 '19 07:04

Yes. Thank you.

benpallen Apr 17 '19 08:04

> I think this is caused by SFSafariViewController not retaining my IdP's cookie (containing client's IdP session id) over restarting app.
>
> UPDATE
>
> Never mind my ramblings. Turns out my problem was I hadn't saved the refreshed tokens, so I attempted to refresh tokens with an already-used refresh token.
>
> Thank you to all the contributors of AppAuth. Appreciate all your hard work.

Hello, same problem as you. I want to force a token refresh any time the user opens the app, but the 2nd time the refresh_token is not saved into oauth, then I got the error invalid_grant in the 3rd update call. When I checked on the server, it returns "can not find refresh_token matched". Can you provide some ways that you solved this? Thanks

fukemy Dec 25 '20 07:12

Hello, we are facing this issue a lot with iOS 15. Any suggestions on how we can avoid it?

We can easily reproduce it by following this scenario:

  • Open app
  • Sign in
  • Save OIDServiceConfiguration and OIDAuthState to DB (encrypted)
  • Close app
  • Wait till access token expiry time has elapsed
  • Open app
  • Read in OIDServiceConfiguration and OIDAuthState from DB
  • Send a request using performActionWithFreshTokens
  • Our app is forced to log out because the access token was not valid or did not exist.

Thanks in advance

youssefmyh Nov 04 '21 15:11