Which happens when the grant expires (e.g. I set the grant expiration to 12 hours and I try to use a refresh token on the token endpoint after 13 hours).
This causes an exception, which for example in satosa-oidcop is handled by a general error response "request cannot be processed", which does not say much.
I guess I should set grant expiration to be longer than any token expiration (e.g. refresh token expiration) in the config, but this exception may still be addressed to provide better error message.
When trying to use a refresh token after grant (the session) expires, there is an unclear error:
NoneType object has no attribute expires_atThis is because here, the
access_token.expires_atproperty is accessed: https://github.com/IdentityPython/oidc-op/blob/2f81e246ff9ef412f5dc786cd2cfa5dd5fccf9e1/src/oidcop/oauth2/token.py#L279where
access_tokenis a result of grant.mint_token, which may returnNone: https://github.com/IdentityPython/oidc-op/blob/8de3acf28be2777480c4398c443f698def9c9724/src/oidcop/session/grant.py#L261And it returns
Nonewhenever the grant/token is not active: https://github.com/IdentityPython/oidc-op/blob/8de3acf28be2777480c4398c443f698def9c9724/src/oidcop/session/grant.py#L274Which happens when the grant expires (e.g. I set the grant expiration to 12 hours and I try to use a refresh token on the token endpoint after 13 hours).
This causes an exception, which for example in satosa-oidcop is handled by a general error response
"request cannot be processed", which does not say much.I guess I should set grant expiration to be longer than any token expiration (e.g. refresh token expiration) in the config, but this exception may still be addressed to provide better error message.