drf-social-oauth2

Proper error handling required

Open Chappie74 opened this issue 2 years ago • 0 comments

Describe the bug

An error is thrown when trying to get a new access token using the refresh_token grant of a revoked token.

To Reproduce

Steps to reproduce the behavior:

  1. Authenticate using /auth/token (password grant), get a refresh_token and an access_token
  2. Revoke the access token using auth/revoke-token.
  3. With the refresh token generated in step 1, try to get a new access token using /auth/token (refresh_token grant)
  4. This will throw a 500 error: oauth2_provider.models.AccessToken.DoesNotExist: AccessToken matching query does not exist.

Expected behavior

I expect the error to be handled silently, and probably return a 400 status code, with the message invalid grant.


Chappie74, Feb 12 '22 02:02
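
A minimal model of the flow in this report, added here as an illustration and not code from drf-social-oauth2 or django-oauth-toolkit: it contrasts letting the lookup error escape with mapping it to the 400 `invalid_grant` response that RFC 6749 section 5.2 defines for a revoked refresh token. `TokenStore`, `refresh_unhandled` and `refresh_handled` are hypothetical names, and the store assumes the refresh token record still points at the access token removed by the revoke call.

```python
# Framework-free sketch; every name here is hypothetical, not a library API.
import secrets


class DoesNotExist(Exception):
    """Stands in for AccessToken.DoesNotExist from the reported traceback."""


class TokenStore:
    def __init__(self):
        self.access = {}   # access_token -> user
        self.refresh = {}  # refresh_token -> access_token it was issued with

    def issue(self, user):
        at, rt = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.access[at] = user
        self.refresh[rt] = at
        return at, rt

    def revoke_access(self, at):
        # Assumed model of the bug: the refresh record is left dangling.
        self.access.pop(at, None)

    def get_access(self, at):
        try:
            return self.access[at]
        except KeyError:
            raise DoesNotExist("AccessToken matching query does not exist.")


def refresh_unhandled(store, rt):
    """Reported behaviour: the lookup error escapes and becomes an HTTP 500."""
    user = store.get_access(store.refresh[rt])
    return 200, {"access_token": store.issue(user)[0]}


def refresh_handled(store, rt):
    """Expected behaviour: an unusable grant is a client error, not a crash."""
    try:
        # pop() also retires the refresh token, so a dangling one is cleaned up.
        user = store.get_access(store.refresh.pop(rt))
    except (KeyError, DoesNotExist):
        return 400, {"error": "invalid_grant"}  # RFC 6749 section 5.2
    new_at, new_rt = store.issue(user)
    return 200, {"access_token": new_at, "refresh_token": new_rt}
```

Returning the same `invalid_grant` body for unknown and revoked refresh tokens also keeps the endpoint from revealing which of the two cases occurred.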