Skip to content
This repository was archived by the owner on Nov 16, 2018. It is now read-only.

Refreshing OAuth Bearer tokens #66

Description

@jeremdow

I'm having an issue with waterwheel calls failing after the oauth access token has expired.

Request URL: /oauth/token
Request Method: POST
Status Code: 400 

{error: "invalid_grant",…}

"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."

This may be a server issue related to d.o: #2894738 ?

But reviewing the documentation here, I noticed:

grant_type: The type of OAuth 2 grant. Currently password is the only supported value.

However, I was able to make calls via 'access_token' by making the following change:
jeremdow/waterwheel.js@9e51415

Then refresh the token(s) by switching the grant_type back to 'password' after expiration.

Without understanding the underlying issue better, this does prevent the above failure, and I believe(?) sets the proper grant_type for standard requests?

As it was, it seemed that a new refresh token (but not access token) was being returned by every request made via 'password' grant_type, which was only reset on refresh?

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions