DuendeSoftware / Support

Support for Duende Software products

Refresh token expiration time #1427

Open parasdaftary opened 1 month ago

parasdaftary commented 1 month ago

Which version of Duende.AccessTokenManagement are you using?

Duende identity server 6.3.10 (for development)

Which version of .NET are you using?

.net core 6.0

Describe the bug

The refresh token expires in approximately one hour. The expected behaviour is that it should be valid for AbsoluteRefreshTokenLifetime, which is 30 days.

Provided client config

```csharp
AccessTokenLifetime = 3600,                 // seconds (1 hour)
AbsoluteRefreshTokenLifetime = 2592000,     // seconds (30 days)
RefreshTokenUsage = TokenUsage.OneTimeOnly,
RefreshTokenExpiration = TokenExpiration.Absolute,
UpdateAccessTokenClaimsOnRefresh = true,
```

A clear and concise description of what the bug is.

I am not sure if this is a bug or a configuration issue, but when getting a new access token with the refresh token it gives an invalid_grant error after some time, probably after one hour. The expected behaviour is to get a successful response that includes a new access token, new expiresIn and new refreshToken. According to the documentation and the client config, the refresh token should be valid for 30 days. If it is less than one hour, the refresh token is able to get a new access token; if it is more than one hour, it throws an invalid_grant error.

To Reproduce

1) Generate a code using the authorization_code grant
2) Get an access token and refresh token using the code generated from the authorization_code grant
3) Get a new access token using the refresh_token grant after one hour; using the refresh token, it returns an invalid_grant error

Steps to reproduce the behavior.

Expected behavior

The expected behaviour is to get a successful response that includes a new access token, new expiresIn and new refreshToken. According to the documentation and the client config, the refresh token should be valid for 30 days.

A clear and concise description of what you expected to happen.

Log output/exception with stacktrace

invalid_grant

data

Additional context

Add any other context about the problem here.

Please let us know if we need to provide more information from our side. Please let us know of any application changes if needed.

AndersAbel commented 4 days ago

Do you get any error messages logged? Whenever IdentityServer returns an invalid_grant error it should also write a more detailed error message to the logs.
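
An added example, not part of the thread and not Duende IdentityServer code: a simplified C# model of refresh token redemption using the client settings from the issue. It shows several distinct server-side reasons producing the same `invalid_grant` response, which is why the detailed log entry is needed to tell them apart. The `RefreshToken` class, the `Redeem` function, the handles, timestamps and log wording are hypothetical, and the model assumes a rotated token keeps the original creation time.

```csharp
// Simplified model only; names and log text are hypothetical, not Duende's implementation.
using System;
using System.Collections.Generic;

const int AbsoluteRefreshTokenLifetime = 2592000;               // from the issue: 30 days
var store = new Dictionary<string, RefreshToken>();             // handle -> stored token
var t0 = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc);   // constructed timestamp
store["rt1"] = new RefreshToken(t0, AbsoluteRefreshTokenLifetime);

// 61 minutes after issuance: inside the 30-day lifetime, so accepted and rotated.
Console.WriteLine(Redeem("rt1", t0.AddMinutes(61), "rt2"));
// The same handle presented again (for example a retry that kept the old token).
Console.WriteLine(Redeem("rt1", t0.AddMinutes(62), "rt3"));
// A handle the store does not know (for example a different or wiped store).
Console.WriteLine(Redeem("missing", t0.AddMinutes(63), "rt4"));
// The rotated token presented after 31 days.
Console.WriteLine(Redeem("rt2", t0.AddDays(31), "rt5"));

string Redeem(string handle, DateTime now, string nextHandle)
{
    string? reason = null;
    if (!store.TryGetValue(handle, out var rt))
        reason = "refresh token handle not found";
    else if (rt.Consumed)
        reason = "one-time-only refresh token already used";
    else if (now >= rt.Created.AddSeconds(rt.LifetimeSeconds))
        reason = "absolute refresh token lifetime exceeded";

    if (reason != null)
    {
        // The specific reason stays on the server; the client sees one generic error.
        Console.Error.WriteLine($"[server log] refresh rejected: {reason}");
        return "invalid_grant";
    }

    rt!.Consumed = true;                                        // TokenUsage.OneTimeOnly
    store[nextHandle] = new RefreshToken(rt.Created, rt.LifetimeSeconds);
    return $"ok, new refresh token: {nextHandle}";
}

class RefreshToken
{
    public RefreshToken(DateTime created, int lifetimeSeconds)
    { Created = created; LifetimeSeconds = lifetimeSeconds; }
    public DateTime Created { get; }
    public int LifetimeSeconds { get; }
    public bool Consumed { get; set; }
}
```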