刷新令牌返回无效的授权类型 [英] Refresh token returns invalid grant type
问题描述
我正在尝试刷新访问令牌(基于 https://docs.wso2.com/display/IS510/Refresh+Token+Grant) 从 wso2 身份服务器获取;服务器返回无效的授权类型响应
I'm trying to refresh the access token (based on https://docs.wso2.com/display/IS510/Refresh+Token+Grant) obtained from wso2 identity server; the server returns an invalid grant type response
{
"error": "invalid_grant",
"error_description": "Provided Authorization Grant is invalid"
}
使用具有 openid 范围的授权代码"授权类型获取访问令牌.
The access token is obtained using the "authorization code" grant type with the openid scope.
我打开了服务器上的日志;但是,我无法确定无效授权类型响应的原因.如何让 WSO2 身份服务器使用刷新令牌刷新我的访问令牌?
I've turned on the logging on the server; however, I'm not able to determine the reason for the invalid grant type response. How can i get the WSO2 Identity Server to refresh my access token using the refresh token?
来自服务器的日志:
TID: [-1234] [] [2016-03-14 09:20:11,241] 调试{org.wso2.carbon.identity.oauth2.OAuth2Service} - 访问令牌收到客户端 ID CHao3ZYUVY6tRX4jJ82yzh4NVpka、用户 ID 的请求null,范围:[openid] 和授予类型:refresh_token
TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} - Access Token request received for Client ID CHao3ZYUVY6tRX4jJ82yzh4NVpka, User ID null, Scope : [openid] and Grant Type : refresh_token
TID: [-1234] [] [2016-03-14 09:20:11,241] 调试{org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler}- 可以使用客户端 ID 和 Secret 进行身份验证.客户端 ID:CHao3ZYUVY6tRX4jJ82yzh4NVpka TID:[-1234] [] [2016-03-1409:20:11,241] 调试{org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler}- 授予类型:refresh_token 严格的客户端验证设置为:null
TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler} - Can authenticate with client ID and Secret. Client ID: CHao3ZYUVY6tRX4jJ82yzh4NVpka TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler} - Grant type : refresh_token Strict client validation set to : null
TID: [-1234] [] [2016-03-14 09:20:11,242] 调试{org.wso2.carbon.identity.oauth2.util.OAuth2Util} - 客户端凭据是从数据库中获取的.TID: [-1234] [][2016-03-14 09:20:11,242] 调试{org.wso2.carbon.identity.oauth2.util.OAuth2Util} - 成功使用客户端 ID 对客户端进行身份验证:CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,242] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Client credentials were fetched from the database. TID: [-1234] [] [2016-03-14 09:20:11,242] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Successfully authenticated the client with client id : CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,243] 调试{org.wso2.carbon.identity.oauth2.util.OAuth2Util} - 客户端凭据已添加到客户端 id 的缓存中:CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,243] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Client credentials were added to the cache for client id : CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,245] 调试{org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler}- 为具有客户端 ID 的客户端提供的刷新令牌无效:CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,245] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler} - Invalid Refresh Token provided for Client with Client Id : CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,245] 调试{org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - 无效客户端提供的授权 ID:CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,245] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - Invalid Grant provided by the client Id: CHao3ZYUVY6tRX4jJ82yzh4NVpka
TID: [-1234] [] [2016-03-14 09:20:11,246] 调试{org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} -OAuth-Error-Code=invalid_grant client-id=CHao3ZYUVY6tRX4jJ82yzh4NVpkagrant-type=refresh_token scope=openid
TID: [-1234] [] [2016-03-14 09:20:11,246] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - OAuth-Error-Code=invalid_grant client-id=CHao3ZYUVY6tRX4jJ82yzh4NVpka grant-type=refresh_token scope=openid
推荐答案
问题很老了...希望它可以在这么长时间后帮助其他人;).我遇到过同样的问题.但是,我通过指定确切的 refresh token 解决了这个问题.值得注意的是,refresh_token 不同于 access token.如果您没有/知道您的 refresh_token,请使用此 curl 命令来获取它.
Question is old... Hopefully it can help someone else after this long ;).
I had the same issue. However, I resolved it by specifying the exact refresh token. It's worth noting that refresh_token is different from the access token. If you don't have/know your refresh_token, use this curl command to get it.
curl -k -d "grant_type=password&username=<username>&password=<password>" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
响应将是这样的:<代码>{范围":默认","token_type": "承载",expires_in":2604,"refresh_token": "7d6e9047d44a84e6bae7e80e3996182d",access_token":4255a34923eb464b6dc2983acffef4d8"}
然后在您的 renew 令牌 curl 调用中使用该 refresh_token.关于第一个 curl 请求的更多详细信息 这里和平出来.V.
then use that refresh_token in your renew token curl call.
more details on the 1st curl request here
Peace out .V.
这篇关于刷新令牌返回无效的授权类型的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
