drf-social-oauth2
Proper error handling required
Describe the bug
An error is thrown when trying to get a new access token using refresh_token grant of a revoked token.
To Reproduce
Steps to reproduce the behavior:
- Authenticate using /auth/token (password grant), get a refresh_token and an access_token
- Revoke the access token using auth/revoke-token.
- With the refresh token generated in 1., try to get a new access token using /auth/token (refresh_token grant)
- This will throw 500 error, oauth2_provider.models.AccessToken.DoesNotExist: AccessToken matching query does not exist.
Expected behavior
I expect the error to be handled silently, and probably return a 400 status code, with message invalid grant.
Screenshots
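The handling requested above, as an added example that is not part of the original issue and is not drf-social-oauth2 or oauth2_provider code: a failed access-token lookup during a refresh_token grant becomes the RFC 6749 section 5.2 `invalid_grant` response with status 400 instead of an unhandled exception. `TokenStore`, `DoesNotExist` and `refresh_grant` are hypothetical in-memory stand-ins, and the assumption is that revoking the access token removes the record the refresh token still points to.

```python
import json

class DoesNotExist(Exception):
    """Hypothetical stand-in for a model's DoesNotExist lookup error."""

class TokenStore:
    """Constructed in-memory token tables (assumption, not the real models)."""
    def __init__(self):
        self.access = {}    # access_token -> user
        self.refresh = {}   # refresh_token -> access_token it was issued with
        self._n = 0

    def issue(self, user):
        self._n += 1
        at, rt = f"at-{self._n}", f"rt-{self._n}"
        self.access[at] = user
        self.refresh[rt] = at
        return at, rt

    def revoke_access(self, at):
        # Assumed behaviour: the refresh entry now references a missing record.
        self.access.pop(at, None)

    def get_access(self, at):
        try:
            return self.access[at]
        except KeyError:
            raise DoesNotExist("AccessToken matching query does not exist.")

def refresh_grant(store, refresh_token):
    """Handle a refresh_token grant; return (http_status, json_body)."""
    try:
        old_at = store.refresh[refresh_token]
        user = store.get_access(old_at)
    except (KeyError, DoesNotExist):
        # Unknown, already used, or orphaned refresh token: answer as a
        # client error rather than letting the lookup failure become a 500.
        return 400, json.dumps({"error": "invalid_grant"})
    # Rotate: retire the old pair before issuing a new one.
    del store.refresh[refresh_token]
    store.access.pop(old_at, None)
    at, rt = store.issue(user)
    return 200, json.dumps(
        {"access_token": at, "refresh_token": rt, "token_type": "Bearer"})
```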