appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0

[Bug]: Refresh token is not being processed correctly #10493

Closed ajinkyakulkarni closed 2 years ago

ajinkyakulkarni commented 2 years ago

Is there an existing issue for this?

Current Behavior

A user is reporting that the refresh token is not being processed correctly and therefore they must re-authorize the application on a daily basis. The application (Infusionsoft Max Classic) doesn't use the offline_access method of OAuth2, so needs some investigation.

Steps To Reproduce

Need to get on a call with the user to investigate this issue.

Environment

Production

Version

Self-Hosted

sumitsum commented 2 years ago

I spent some time going through the overall flow and had a discussion with @nidhi-nair regarding this earlier today. Our current assessment is that the issue is with the OAuth2 refresh token authorization mechanism - our implementation is slightly different from what the authorization server of the user application expects. We send the client credentials in the body of the API request, whereas the user's authorization server expects them via a header and base64-encoded: https://developer.keap.com/getting-started-oauth-keys/ I will update further on this post testing the flow against the authorization server.
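
The two client-authentication styles contrasted in the comment above, shown side by side for a refresh-token request. This is an added example, not part of the original thread and not Appsmith's code; the function names and credential values are constructed, and the percent-encoding step before base64 follows RFC 6749 section 2.3.1.

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode


def build_refresh_request(refresh_token, client_id, client_secret, style):
    """Return (headers, body) for an RFC 6749 section 6 refresh request.

    style="post":  credentials in the form body (client_secret_post)
    style="basic": credentials in an HTTP Basic header (client_secret_basic)
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if style == "post":
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    elif style == "basic":
        # Form-encode each part, join with ":", then base64 the pair.
        # The secret never appears in the body in this style.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(pair.encode("utf-8")).decode("ascii")
        headers["Authorization"] = f"Basic {token}"
    else:
        raise ValueError(f"unknown client auth style: {style!r}")
    return headers, urlencode(form)


def decode_basic(header_value):
    """Recover (client_id, client_secret) from a Basic Authorization header."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, secret = base64.b64decode(token).decode("utf-8").partition(":")
    return unquote_plus(user), unquote_plus(secret)


# Constructed sample values, not real credentials.
CLIENT_ID = "example-client"
CLIENT_SECRET = "s3cr:et/+value"
REFRESH = "constructed-refresh-token"

if __name__ == "__main__":
    for style in ("post", "basic"):
        headers, body = build_refresh_request(REFRESH, CLIENT_ID, CLIENT_SECRET, style)
        # Print header names only, so the encoded secret stays out of logs.
        print(style, sorted(headers), len(body))
```

An authorization server that accepts only the header form rejects the body form, so the refresh fails and the user has to authorize again, which matches the behavior reported in this issue.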

github-actions[bot] commented 2 years ago

This issue has not seen activity for a while. It will be closed in 7 days unless further activity is detected.

rohan-arthur commented 2 years ago

fix is in progress - awaiting review