Which happens when the grant expires (e.g. I set the grant expiration to 12 hours and I try to use a refresh token on the token endpoint after 13 hours).
This causes an exception, which for example in satosa-oidcop is handled by a general error response "request cannot be processed", which does not say much.
I guess I should set grant expiration to be longer than any token expiration (e.g. refresh token expiration) in the config, but this exception may still be addressed to provide better error message.
When trying to use a refresh token after grant (the session) expires, there is an unclear error:
NoneType object has no attribute expires_at
This is because here, the
access_token.expires_at
property is accessed: https://github.com/IdentityPython/oidc-op/blob/2f81e246ff9ef412f5dc786cd2cfa5dd5fccf9e1/src/oidcop/oauth2/token.py#L279where
access_token
is a result of grant.mint_token, which may returnNone
: https://github.com/IdentityPython/oidc-op/blob/8de3acf28be2777480c4398c443f698def9c9724/src/oidcop/session/grant.py#L261And it returns
None
whenever the grant/token is not active: https://github.com/IdentityPython/oidc-op/blob/8de3acf28be2777480c4398c443f698def9c9724/src/oidcop/session/grant.py#L274Which happens when the grant expires (e.g. I set the grant expiration to 12 hours and I try to use a refresh token on the token endpoint after 13 hours).
This causes an exception, which for example in satosa-oidcop is handled by a general error response
"request cannot be processed"
, which does not say much.I guess I should set grant expiration to be longer than any token expiration (e.g. refresh token expiration) in the config, but this exception may still be addressed to provide better error message.