identityserver3 - Cannot use refresh token to obtain new access token and refresh token in Identity Server 3 implementation


I've been playing around with Thinktecture's Identity Server and have problems trying to reach the refresh token endpoint.

What I have is a few clients configured like this:

Authorization code flow client:

    new Client
    {
        ClientId = "tripgalleryauthcode",
        ClientName = "trip gallery (authorization code)",
        Flow = Flows.AuthorizationCode,

        AllowAccessToAllScopes = true,
        RequireConsent = false,

        RedirectUris = new List<string>
        {
            "redirecturi"
        },

        ClientSecrets = new List<Secret>()
        {
            new Secret("somesecret".Sha256())
        }
    }

Hybrid flow client:

    new Client
    {
        ClientId = "tripgalleryhybrid",
        ClientName = "tripgalleryhybrid (hybrid)",
        Flow = Flows.Hybrid,

        AllowAccessToAllScopes = true,
        RequireConsent = false,

        IdentityTokenLifetime = 10,
        AccessTokenLifetime = 120,

        // redirect = URI of the MVC application
        RedirectUris = new List<string>
        {
            "redirecturi"
        },

        // needed when requesting refresh tokens
        ClientSecrets = new List<Secret>()
        {
            new Secret("somesecret".Sha256())
        },

        PostLogoutRedirectUris = new List<string>()
        {
            "postlogouturi"
        }
    }

What is more, I have an ASP.NET MVC client which uses the hybrid flow. After authentication I receive an access token, a refresh token and other stuff.

What I am trying to do is test the refresh token endpoint. The way I prepare the request is as follows:

I make a POST request to: /identity/connect/revocation. In the headers of the request I have:

  • Content-Type: application/x-www-form-urlencoded
  • Authorization: Basic dhjpcgdhbgxlcnlhdxroy29kztptexjhbmrvbwnsawvudhnly3jlda== (this is the base64-encoded clientid:clientsecret of the authorization code one)

In the request body I have: token=0a24f80dcc97a56ede0e7c04563a3493&token_type_hint=refresh_token

The token is the one that came after authentication through the hybrid client.

When I fire the request it returns HTTP 200. No content is returned back. When I go to the Identity Server logs I see:

    snapshothelper::takesnapshottimercallback
    snapshothelper::takesnapshotinternal - no new files in codegen
    w3wp.exe warning: 0 : 2016-11-13 13:54:11.557 +00:00 [warning] authorizationcodestore not configured - falling inmemory
    w3wp.exe warning: 0 : 2016-11-13 13:54:11.620 +00:00 [warning] tokenhandlestore not configured - falling inmemory
    w3wp.exe warning: 0 : 2016-11-13 13:54:11.620 +00:00 [warning] consentstore not configured - falling inmemory
    w3wp.exe warning: 0 : 2016-11-13 13:54:11.620 +00:00 [warning] refreshtokenstore not configured - falling inmemory
    w3wp.exe information: 0 : 2016-11-13 13:54:12.356 +00:00 [information] start token revocation request
    w3wp.exe information: 0 : 2016-11-13 13:54:12.401 +00:00 [information] client secret id found: "tripgalleryauthcode"
    w3wp.exe information: 0 : 2016-11-13 13:54:12.401 +00:00 [information] client validation success
    w3wp.exe information: 0 : 2016-11-13 13:54:12.401 +00:00 [information] end token revocation request

What I expected was at least new access and refresh tokens, but I got nothing. I guess I am missing something in the configuration of the clients, so I would be happy if someone could help me.

Edit:

I changed the endpoint to: /identity/connect/token and changed the request body to: grant_type=refresh_token&token=635c7cbcfa1c0417b6d574ade388c0d8&token_type_hint=refresh_token, but still no success. The Identity Server log says:

    snapshothelper::takesnapshottimercallback
    snapshothelper::takesnapshotinternal - no new files in codegen
    snapshothelper::takesnapshot time since last: 00:19:59.9992231
    w3wp.exe information: 0 : 2016-11-13 20:40:33.406 +00:00 [information] start token request
    w3wp.exe information: 0 : 2016-11-13 20:40:33.406 +00:00 [information] client secret id found: "tripgalleryauthcode"
    w3wp.exe information: 0 : 2016-11-13 20:40:33.406 +00:00 [information] client validation success
    w3wp.exe information: 0 : 2016-11-13 20:40:33.406 +00:00 [information] start token request validation
    w3wp.exe information: 0 : 2016-11-13 20:40:33.406 +00:00 [information] start validation of refresh token request
    w3wp.exe error: 0 : 2016-11-13 20:40:33.406 +00:00 [error] "refresh token missing"
     "{
      \"clientid\": \"tripgalleryauthcode\",
      \"clientname\": \"trip gallery (authorization code)\",
      \"granttype\": \"refresh_token\",
      \"raw\": {
        \"grant_type\": \"refresh_token\",
        \"token\": \"635c7cbcfa1c0417b6d574ade388c0d8\",
        \"token_type_hint\": \"refresh_token\"
      }
    }"
    w3wp.exe information: 0 : 2016-11-13 20:40:33.406 +00:00 [information] end token request
    w3wp.exe information: 0 : 2016-11-13 20:40:33.406 +00:00 [information] returning error: invalid_request

Second edit:

Based on the documentation posted here: token endpoint, what's inside of here: tokenrequest, and many more resources related to it, I came up with this request:

Which I believe is the correct one. Unfortunately I am still getting HTTP 400 from Identity Server with an error that says: error=invalid_grant. This makes me think that I have to make some more configuration on the client. In some of the examples on the internet I can see the usage of: AbsoluteRefreshTokenLifetime, SlidingRefreshTokenLifetime, RefreshTokenUsage, RefreshTokenExpiration when configuring a client. Can you please give me at least a direction to dig into?

Solution:

What worked for me was to add these options to the client:

    // refresh token options
    AccessTokenType = AccessTokenType.Jwt,
    AccessTokenLifetime = 3600,
    RefreshTokenUsage = TokenUsage.ReUse,
    RefreshTokenExpiration = TokenExpiration.Absolute,
    AbsoluteRefreshTokenLifetime = 1296000

You're using the revocation endpoint, which allows you to destroy (aka "revoke") a token. To use a refresh token to get a new access token, you want the token endpoint with grant_type=refresh_token, as covered in the docs: https://identityserver.github.io/documentation/docsv2/endpoints/token.html
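
The refresh request the answer describes, as an added example that is not part of the original post or of IdentityServer3's own code: the token travels in the `refresh_token` form field (RFC 6749 section 6) rather than the `token`/`token_type_hint` pair used for revocation, and the request authenticates as the client the token was issued to, which the same section requires the server to check. The host `idsrv.example`, the class name `RefreshTokenRequest` and the placeholder token value are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

static class RefreshTokenRequest   // hypothetical helper, not an IdentityServer3 type
{
    public static HttpRequestMessage Build(
        Uri tokenEndpoint, string clientId, string clientSecret, string refreshToken)
    {
        // Fail locally instead of sending a request the server answers
        // with invalid_request ("refresh token missing").
        if (string.IsNullOrWhiteSpace(refreshToken))
            throw new ArgumentException("refresh token missing", nameof(refreshToken));

        // HTTP Basic client authentication: base64 of clientid:clientsecret.
        var basic = Convert.ToBase64String(
            Encoding.UTF8.GetBytes(clientId + ":" + clientSecret));

        var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint)
        {
            // Serialized as application/x-www-form-urlencoded.
            Content = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "refresh_token",
                ["refresh_token"] = refreshToken   // not "token"
            })
        };
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", basic);
        return request;
    }

    static void Main()
    {
        // Constructed sample values: the token was obtained through the hybrid
        // client, so that client's id and secret authenticate the request.
        var request = Build(
            new Uri("https://idsrv.example/identity/connect/token"),
            "tripgalleryhybrid", "somesecret", "<refresh-token-from-hybrid-login>");

        // Print the request instead of sending it, so the example runs offline.
        Console.WriteLine($"{request.Method} {request.RequestUri}");
        Console.WriteLine($"Authorization: {request.Headers.Authorization}");
        Console.WriteLine(request.Content.ReadAsStringAsync().Result);
    }
}
```

To send it, pass the returned message to `HttpClient.SendAsync` and read the new access and refresh tokens from the JSON response.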

