intuit / oauth-jsclient

Intuit's NodeJS OAuth client provides a set of methods to make it easier to work with OAuth2.0 and Open ID
https://developer.intuit.com/
Apache License 2.0

Invalid Grant Error #77

Closed kyleabens closed 4 years ago

kyleabens commented 4 years ago

I get the invalid grant error every so often when calling the refresh method and there doesn't seem to be any rhyme or reason to it. It's rare but it keeps affecting one of my users and because of this they keep having to re-authenticate to get a new access token. After calling refresh() I save the returned access token as well as the updated refresh token. It works for most of my users but I can't pinpoint how it fails with others.

Here's one of the errors:

response: 
      Response {
        Url: [Object],
        rawHeaders: [Array],
        body: '{"error":"invalid_grant"}',
        status: 400,
        statusText: 'Bad Request' },
     body: '{"error":"invalid_grant"}',
     json: { error: 'invalid_grant' },
     intuit_tid: '6a115e25-544e-489d-9d90-25c4c5c9f466' }

If anyone can provide some more info for me that would be great! Thanks

abisalehalliprasan commented 4 years ago

@kyleabens : Here's an excerpt from the logs based on the intuit_tid you provided.

ErrorResponse. 

{httpStatus=400,error=invalid_grant,description=Refresh token not found: AB115xxxxxxxxxxxxxxxxxxxxxxxxxxJKiysG}

Explanation: You would run into this issue when the application does not honor the latest refresh tokens which were issued when an API call to refresh() was made. But it seems like you are already handling this case, where your app does replace the tokens with the new pair of access/refresh tokens.

From the logs it looks like you used an old refreshToken and hence it might have resulted in the error. I have opened a support ticket on your emailID. Ref: 00092266. I have requested more information from the team and I could post more once I get updates.

However, I would provide any sensitive information (like access/refresh tokens, app details) over the support ticket.

kyleabens commented 4 years ago

@abisalehalliprasan Okay thank you very much!

dlarouche commented 4 years ago

Hello! I'm having the same issue, what ended up being the solution?

Thanks

abisalehalliprasan commented 4 years ago

For the above intuit_tid: 6a115e25-544e-489d-9d90-25c4c5c9f466

From our logs, it looks like the sequence of events is as below:

  1. The successful refresh call was made at 08/02/2020 04:48:48.728.
  2. After which there was a revoke consent call at 08/02/2020 05:25:00.090, which revoked the token.

This token was then used to do a refresh which resulted in this error.
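
The two causes named in this thread (a stale refresh token being reused, and a refresh attempted after consent was revoked) can be handled on the application side as sketched below. This is an added example, not part of any comment above and not code from oauth-jsclient; `refreshOnce`, `TokenStore`, `makeFakeServer` and the `refreshFn` parameter are hypothetical names, and `refreshFn` is assumed to wrap the client's refresh call and resolve to the new token pair.

```javascript
// Added example. refreshOnce, TokenStore and makeFakeServer are hypothetical names.
const inFlight = new Map(); // userId -> promise of the refresh currently running

class TokenStore { // in-memory stand-in for the app's token table
  constructor() { this.rows = new Map(); }
  get(userId) { return this.rows.get(userId); }
  save(userId, row) { this.rows.set(userId, { ...row }); }
}

// Assumption: the thrown error exposes the parsed body as `json`, as in the dump in the thread.
function isInvalidGrant(err) {
  return Boolean(err && err.json && err.json.error === 'invalid_grant');
}

// One refresh per user at a time; concurrent callers share its result.
function refreshOnce(store, userId, refreshFn) {
  if (inFlight.has(userId)) return inFlight.get(userId);
  const run = (async () => {
    const current = store.get(userId);
    try {
      const next = await refreshFn(current.refresh_token);
      // Persist the new pair before any caller can use it.
      store.save(userId, { ...next, needsReauth: false });
      return next;
    } catch (err) {
      // Token revoked or superseded: retrying cannot help, so flag the user for re-consent.
      if (isInvalidGrant(err)) store.save(userId, { ...current, needsReauth: true });
      throw err;
    }
  })().finally(() => inFlight.delete(userId));
  inFlight.set(userId, run);
  return run;
}

// Constructed stand-in for a token endpoint: only the latest refresh token is accepted.
function makeFakeServer(initialToken) {
  const state = { valid: initialToken, calls: 0, n: 0 };
  return {
    state,
    revoke() { state.valid = null; },
    async refresh(token) {
      state.calls += 1;
      await new Promise((resolve) => setTimeout(resolve, 5)); // simulated network delay
      if (token !== state.valid) throw Object.assign(new Error('Bad Request'), { json: { error: 'invalid_grant' } });
      state.n += 1;
      state.valid = `RT-${state.n}`;
      return { access_token: `AT-${state.n}`, refresh_token: state.valid };
    },
  };
}
```

The in-process map only serializes refreshes within one Node process; an app running several instances needs a lock shared between them, such as a database row lock, around the same read-refresh-save sequence.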