To reproduce the error:
- Log in to shoot'nshare with Keycloak
- Have the tokens stored securely in the keychain
- Close your app
- Wait for 5 mins
- Open it back
- Try to upload a picture ... and boom 400
Here is the refresh request
POST /auth/realms/shoot-realm/tokens/refresh HTTP/1.1
Host: 192.168.0.37:8080
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Accept: /
User-Agent: Shoot/1 CFNetwork/711.0.6 Darwin/14.0.0
Content-Length: 667
Accept-Language: en-us
Accept-Encoding: gzip, deflate

refresh_token=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIwMGY4OTdlNC03MWVhLTQ3Y2MtOWQ3My1kZmVlNDg3MWQ3ZGIiLCJleHAiOjE0MTMzNjg0NDUsIm5iZiI6MCwiaWF0IjoxNDEzMzY3ODQ1LCJpc3MiOiJzaG9vdC1yZWFsbSIsInN1YiI6IjYzNDg2MzA3LWUzNTUtNDAyMS1hNjRlLTk1ODFiZmNmNWFlMSIsInR5cCI6IlJFRlJFU0giLCJhenAiOiJzaG9vdC10aGlyZC1wYXJ0eSIsInNlc3Npb25fc3RhdGUiOiJjMWNmNDIzMi02ZjFhLTQ0ODgtOGQzZS1hYzk3OTU5NzhiOWMiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsidXNlciJdfSwicmVzb3VyY2VfYWNjZXNzIjp7fX0.Q7KK_5vjqISkhnUVnuyDJzzlTZ-zSxkD6cV759snRPf6XtEGhrwV1l07Anf6Og99VTRNKK7JvPt9Yx-a7Cw9ZlNS88PmqU9HmaFwSx9Olnij0rpclfLbqQuq_nHd5pSV_gq1mygbNuQsOB0BKBEpW51FzvIMbDZt3UyLQzcWNNc&grant_type=refresh_token&client_id=shoot-third-party
and its response:
HTTP/1.1 400 Bad Request
Connection: keep-alive
X-Powered-By: Undertow/1
Server: WildFly/8
Transfer-Encoding: chunked
Content-Type: application/json
Date: Wed, 15 Oct 2014 14:16:44 GMT

{"error":"invalid_grant","error_description":"Refresh token expired"}
==> Error linked to KC; from the spec, not sure a refresh token should expire
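Added example (not part of the original report, and not AeroGear or Keycloak code): one way a client can handle the exchange above, by reading the refresh token's exp claim before calling the token endpoint and by treating a 400 invalid_grant answer as a signal to restart the authorization grant. The function names, the 30-second skew and the sample token are assumptions constructed for illustration; the claims are read without signature verification, as a scheduling hint only.

```python
import base64
import json
import time

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (hint only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def next_step(refresh_token, now=None, skew=30):
    """Decide, before any network call, whether a refresh can still succeed."""
    now = time.time() if now is None else now
    try:
        exp = jwt_claims(refresh_token).get("exp")
    except (IndexError, ValueError, AttributeError):
        return "refresh"  # opaque token: only the server can tell
    if exp is not None and now >= exp - skew:
        return "reauthenticate"  # refresh token is past its lifetime
    return "refresh"

def handle_token_response(status, body):
    """Map the token endpoint's answer to a client action."""
    if status == 200:
        return "store_tokens"
    try:
        error = json.loads(body).get("error")
    except (ValueError, AttributeError):
        error = None
    if status == 400 and error == "invalid_grant":
        # Refresh token expired or revoked: drop the stored tokens and
        # send the user through the authorization grant again.
        return "reauthenticate"
    return "retry_later"

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token with a 600-second lifetime and a dummy signature.
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "RS256"}),
    _b64({"typ": "REFRESH", "iat": 1413367845, "exp": 1413368445}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(next_step(SAMPLE_TOKEN, now=1413367905))   # one minute after issue
    print(next_step(SAMPLE_TOKEN, now=1413382604))   # well past exp
    print(handle_token_response(400, '{"error":"invalid_grant"}'))
```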
corinnekrych: hello Keycloak team
[4:24pm] corinnekrych: I have a question on oauth2 refresh token
[4:24pm] corinnekrych: i’ve been surprised to get this answer from keycloak server: "Refresh token expired"
[4:25pm] corinnekrych: for ex Google refresh token never expired so…
[4:25pm] corinnekrych: besides default configuration put a very short life for this refresh token, but that’s good it allows me to see it
[4:26pm] corinnekrych: so my question is: when you have an app that stored (securely) access and refresh token so that next app usage, you can transparently refresh the tokens
[4:27pm] corinnekrych: without asking for grant again
[4:27pm] corinnekrych: how would you deal with refreshing refresh token???
[4:29pm] corinnekrych: i thought refresh token were not supposed to expire … http://tools.ietf.org/html/rfc6749#section-10.4
I think this