Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refresh ID token help #1402

Open
simonprice14 opened this issue Feb 26, 2024 · 1 comment
Open

Refresh ID token help #1402

simonprice14 opened this issue Feb 26, 2024 · 1 comment
Labels
question

Comments

@simonprice14
Copy link

I really like the library, so thanks for all the great work.

I am probably doing something wrong here, but I cannot seem to get the ID Token to refresh.

I saw that someone else raised a similar question 1339 and it has been closed as solved, but the answer did not help me.

In my settings file under OAUTH2_PROVIDER, I have OIDC_ENABLED set to `True.

When I go through the authorization flow and grab a token, i do indeed receive an access, a refresh and an id token,

curl -X POST \
 -H "Cache-Control: no-cache" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 "http://localhost:8000/o/token/" \
 -d "code=${CODE}" \
 -d "client_id=${clientID}" \
 -d "client_secret=${SECRET}" \
 -d "code_verifier=${CODE_VERIFIER}" \
 -d "redirect_uri=http://localhost:8000/noexist/callback" \
 -d "grant_type=authorization_code"

{"access_token": "M11g2zeNCSUCNW8snMLPHWNVv63jez", "expires_in": 3600, "token_type": "Bearer", "scope": "openid profile email", "refresh_token": "tZrhCYncpIyyAiL2SCj2YnrQ6PORiB", "id_token": "eyJ0eXAiOiAiSldUIiwg......."}

But when I attempt the refresh, I receive only a new access token

curl -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token" \
  -d "refresh_token=tZrhCYncpIyyAiL2SCj2YnrQ6PORiB" \
  -d "client_id=${clientID}" \
  -d "client_secret=${SECRET}" \
  http://localhost:8000/o/token/

{"access_token": "gmtamqoNjiYVh2Gfk4Rz6k2IJ5IMLk", "expires_in": 3600, "token_type": "Bearer", "scope": "openid profile email", "refresh_token": "6ZmaRpQmZ2OfFFsKOJ4i76wLGDJvrX"}

While debugging I added some print statements to ../site-packages/oauth2_provider/views/mixins.py under OAuthLibMixin.get_oauthlib_core and it is printing out the following

SERVER -  <oauthlib.openid.connect.core.endpoints.pre_configured.Server object at 0x10302f6a0>
SERVER REFRESH - <oauthlib.oauth2.rfc6749.grant_types.refresh_token.RefreshTokenGrant object at 0x103054430>

So my server class is using the openid server class, which I presume is correct. But should the server.refresh_grant not be oauthlib.openid.connect.core.grant_types.refresh_token.RefreshTokenGrant?

What am I doing wrong?

Any guidance would be gratefully received.
@hugochinchilla
Copy link

hugochinchilla commented Apr 22, 2024
edited
Loading

I got this problem solved by fixing the following dependencies in my poetry.toml:

django-oauth-toolkit = {git = "https://github.com/jazzband/django-oauth-toolkit.git", rev = "25c6304"}
oauthlib = { git = "https://github.com/oauthlib/oauthlib.git", rev = "f9a07c6" }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hugochinchilla @simonprice14