When I try to refresh my access_token with my refresh_token, it gives me an 401 error:
invalid_grant
The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
I am very sure that the refresh token is not expired/invalid because it was OAuthed like 5 minutes ago. It is also not revoked by me.
This is the post request I'm sending (with axios):
POST https://api.coinbase.com/oauth/token
grant_type = 'refresh_token'
client_id = <CLIENT_ID>
client_secet = <CLIENT_SECRET>
refresh_token = <REFRESH_TOKEN>
Thank you for your help.
I am trying to use Microsoft 365 and OAuth to get an access token and a refresh token. According to the Microsoft 365 docs, we need to use the "offline_access" scope to get a refresh token along with the access token. However, the response I am getting does not contain a refresh token.
Here is the code I used:
import requests

# Values from the app registration (placeholders, not the poster's real values)
tenant_id = "<TENANT_ID>"
client_id = "<CLIENT_ID>"
client_secret = "<CLIENT_SECRET>"

url = "https://login.microsoftonline.com/{}/oauth2/v2.0/token".format(tenant_id)
headers = {
    "Content-Type": "application/x-www-form-urlencoded",
}
data = {
    "client_id": client_id,
    "client_secret": client_secret,
    # client_credentials is the app-only flow; this is the request the question is about
    "grant_type": "client_credentials",
    "scope": "https://graph.microsoft.com/.default offline_access",
}
response = requests.post(url, headers=headers, data=data)
The response contains the access token like usual, but does not contain the refresh token despite using the offline_access scope. Could someone kindly tell me what the issue is?
I agree with #junnas: the Client Credentials Flow doesn't return a refresh token, as user interaction is not present.
I tried to reproduce the same in my environment and got the results like below:
To get the refresh token, you need to choose user interactive flows such as Auth-Code Flow.
I created an Azure AD Application and added API permissions like below:
I generated auth-code using below endpoint:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://graph.microsoft.com/.default offline_access
&state=12345
I generated the access token and refresh token using the below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:ClientSecret
scope:https://graph.microsoft.com/.default offline_access
grant_type:authorization_code
redirect_uri:redirectURi
code:code
By using the above generated refresh token, I refreshed the access token successfully like below:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
grant_type:refresh_token
refresh_token:xxx
client_secret:xxx
You are using client credentials flow. It does not return a refresh token because you don't need one.
Refresh tokens are involved when a user logs in to your application.
Since doing the authentication again would require that the user does the log in again, instead you get a refresh token to get new tokens.
But in the client credentials case re-authenticating is just a matter of sending the same request again.
A refresh token would add nothing to this.
Send the same request again before your token expires.
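The advice above in runnable form, as an added example (not the answerer's code): a small provider that holds the client-credentials access token and repeats the token request shortly before expires_in runs out, since that flow issues no refresh_token. The class name, fetch_token and the fake endpoint are constructed stand-ins for the real POST to the /oauth2/v2.0/token endpoint.

```python
import time
from typing import Callable, Dict


class ClientCredentialsTokenProvider:
    """Keeps one app-only access token and re-requests it before it expires.

    `fetch_token` stands in for the POST to the v2.0 token endpoint and must
    return the parsed JSON body ({"access_token": ..., "expires_in": ...});
    `clock` is injectable so the renewal logic can be exercised without waiting.
    """

    def __init__(self, fetch_token: Callable[[], Dict], skew_seconds: int = 300,
                 clock: Callable[[], float] = time.time):
        self._fetch = fetch_token
        self._skew = skew_seconds  # renew this many seconds before the real expiry
        self._clock = clock
        self._token = None
        self._expires_at = 0.0
        self.fetch_count = 0  # how many times the token endpoint was called

    def get_token(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            body = self._fetch()
            if "access_token" not in body:
                raise RuntimeError(f"token request failed: {body.get('error', 'unknown')}")
            # No refresh_token in this flow: renewing means repeating the same request.
            self._token = body["access_token"]
            self._expires_at = now + float(body.get("expires_in", 0))
            self.fetch_count += 1
        return self._token


def simulate_renewal() -> dict:
    """Constructed scenario: a fake endpoint issues t1, then t2 (each valid for 3599 s)."""
    issued = iter(["t1", "t2", "t3"])
    fake_endpoint = lambda: {"token_type": "Bearer", "expires_in": 3599, "access_token": next(issued)}
    now = [0.0]
    provider = ClientCredentialsTokenProvider(fake_endpoint, skew_seconds=300, clock=lambda: now[0])
    first = provider.get_token()         # t = 0: first call hits the endpoint
    now[0] = 3000.0
    still_cached = provider.get_token()  # t = 3000: 599 s left, more than the skew, reuse
    now[0] = 3300.0
    renewed = provider.get_token()       # t = 3300: 299 s left, renew early
    return {"first": first, "still_cached": still_cached, "renewed": renewed, "fetches": provider.fetch_count}
```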
I am trying to call the Okta logout API from the client, but it ends up with 404 Bad request. It expects 3 parameters: id_token_hint, post_logout_redirect_uri and state (optional). I am hitting the request with the format
https://{oktaDomain}.com/oauth2/default/v1/logout?id_token_hint={someToken}&post_logout_redirect_uri={someUri}
The purpose is just to wipe out the user session at Okta by making some implicit call and redirecting the user to {someUri}. This URI has been registered in the Okta configuration under Logout redirect URI, as per the documentation. After all these efforts, whenever I hit the request it returns 404 Bad request (token is Invalid).
The id_token_hint which I am passing is the JWT id_token, which was returned at the time of authorizing the user (login).
Not sure what I am missing?
Is id_token_hint a different token from id_token?
Or is there any problem with the URL itself?
I am trying to get an access token from a one-time code using Google OAuth2. But I am getting an error message redirect_uri_mismatch in the response. However, I've already added the redirect_uri in the console.
I have my Authorized redirect URI as:
http://localhost:3020/api/users/google_oauth_store_token
My request:
Request URL = https://www.googleapis.com/oauth2/v3/token?code=xXXXxx&client_id=xxxxxx&client_secret=xxx&redirect_uri=http://localhost:3020/api/users/google_oauth_store_token&grant_type=authorization_code
My response:
response = {
"error": "redirect_uri_mismatch",
"error_description": "Bad Request"
}
That was my mistake. I had to use the redirect_uri that I had used in the one-time redirect URI. Google uses one of the redirect_uri to rest the client origin.
How can I make an authenticated request if I have an access token?
I follow this post:
https://developer.linkedin.com/documents/authentication
and pass the access token like this:
https://api.linkedin.com/v1/people/~?oauth2_access_token= some token
I always receive error:
<error>
<status>401</status>
<timestamp>1412404356540</timestamp>
<request-id>01GPXMMPI4</request-id>
<error-code>0</error-code>
<message>Invalid access token.</message>
</error>
Can somebody give me some advice? I am very new to OAuth.
The access token should not be sent in the query string. It should be included in the header in the Authorization field.
GET /v1/people/~
...
Authorization: Bearer <access_token>
I have a problem when trying to get the oauth_token and oauth_token_secret from the LinkedIn OAuth API. I can get the requestToken (1st request), but in the callback page (after the user approved the app) I'm trying to get the token and the secret, and I always get 401 and it says the signature is invalid.
I'm posting the following values to https://api.linkedin.com/uas/oauth/accessToken:
- oauth_consumer_key
- oauth_nonce
- oauth_signature_method
- oauth_timestamp
- oauth_token
- oauth_verifier
- oauth_version
As a side note, I don't understand why I'm getting the verifier (I don't need the PIN since it's running in a browser).
The only way I was able to get the token and the secret was when I also posted the "oauth_token_secret" I received in the 1st request (when I asked for the requestToken).
But I can't get this oauth_token_secret in the callback page.
I found out you need to pass in the secret token you get in the first request for requestToken (1st request) to the access token and it is working.
Once you have the first stage done and you have the request token, you should have been passed back the request token and the verifier, per:
https://developer.linkedin.com/documents/oauth-overview
Then, pass the request token back along with the verifier in the same way you did for the request token (signing the request, etc) and you should receive the access token.
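The signing step that the question and both answers above turn on, as an added example (not code from the posts or from LinkedIn): it builds the OAuth 1.0a signature base string and HMAC-SHA1 signature per RFC 5849, and shows that the same access-token request signed without the request token's secret in the key yields a different, hence "invalid", signature. The input values are taken from the worked example in RFC 5849 section 3.1; the function names are this example's own.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def _enc(s: str) -> str:
    # RFC 5849 section 3.6: percent-encode everything except ALPHA, DIGIT, "-", ".", "_", "~".
    return quote(s, safe="")


def signature_base_string(method: str, url: str, body: str, oauth_params: dict) -> str:
    """RFC 5849 section 3.4.1: METHOD & base URI & normalized request parameters."""
    parts = urlsplit(url)
    scheme, netloc = parts.scheme.lower(), parts.netloc.lower()
    for default_scheme, default_port in (("http", ":80"), ("https", ":443")):
        if scheme == default_scheme and netloc.endswith(default_port):
            netloc = netloc[: -len(default_port)]
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # query string parameters
    pairs += parse_qsl(body, keep_blank_values=True)        # form-encoded body parameters
    # Protocol parameters, except the realm and the signature itself.
    pairs += [(k, v) for k, v in oauth_params.items() if k not in ("realm", "oauth_signature")]
    encoded = sorted((_enc(k), _enc(v)) for k, v in pairs)  # sort by encoded key, then value
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), _enc(f"{scheme}://{netloc}{parts.path}"), _enc(normalized)])


def hmac_sha1_signature(base_string: str, consumer_secret: str, token_secret: str) -> str:
    """RFC 5849 section 3.4.2: key = consumer_secret '&' token_secret. The token secret is
    empty only for the very first (request token) call, never for the access token call."""
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()


def rfc5849_example() -> dict:
    """Constructed input from RFC 5849 section 3.1, signed once correctly (consumer secret plus
    the token secret returned earlier) and once the way the question does it (token secret omitted)."""
    oauth_params = {
        "realm": "Example",
        "oauth_consumer_key": "9djdj82h48djs9d2",
        "oauth_token": "kkk9d7dh3k39sjv7",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "137131201",
        "oauth_nonce": "7d8f3e4a",
    }
    base = signature_base_string("POST", "http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b", "c2&a3=2+q", oauth_params)
    return {
        "base_string": base,
        "with_token_secret": hmac_sha1_signature(base, "j49sk3j29djd", "dh893hdasih9"),
        "without_token_secret": hmac_sha1_signature(base, "j49sk3j29djd", ""),
    }
```

For the LinkedIn callback, this means the oauth_token_secret from the requestToken response has to be kept server-side (e.g. in the session keyed to the user) so it is available as token_secret when signing the accessToken request.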