Refresh token cannot be used to obtain new access token
回答済みHi,
- Access token and refresh token are obtained (via Box Token generator) and stored in some storage;
- For 1 hour API access works as expected;
- After 1 hour API responds with 401 status code and header WWW-Authenticate: Bearer realm="Service", error="invalid_token", error_description="The access token provided is invalid."
- Look like Box .NET SDK tries to refresh token pair with provided refresh token:
POST https://app.box.com/api/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: app.box.com
Content-Length: 193
Expect: 100-continue
Accept-Encoding: gzip, deflate
grant_type=refresh_token&refresh_token=XXX&client_id=ZZZ&client_secret=YYY
API responds with
HTTP/1.1 400 Bad Request
Server: ATS
Date: Mon, 04 Jul 20**removed**:19:34 GMT
Content-Type: application/json
Content-Length: 69
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: ...
Set-Cookie: ...
Age: 0
Connection: keep-alive
{"error":"invalid_grant","error_description":"Invalid refresh token"}
Where is the fault: in Box .NET SDK or in API? For me looks like that the refresh operation must return new pair of access token + refresh token.
-
So it turned out that test refresh tokens obtained via https://box-token-generator.herokuapp.com/ for some reason cannot be used to get a new access token. Using https://box-oauth2-mvc.azurewebsites.net instead solved the issue.
サインインしてコメントを残してください。
コメント
2件のコメント