jazzband / django-oauth-toolkit

OAuth2 goodies for the Djangonauts!
https://django-oauth-toolkit.readthedocs.io

Refresh ID token help #1402

Open simonprice14 opened 4 months ago

simonprice14 commented 4 months ago

I really like the library, so thanks for all the great work.

I am probably doing something wrong here, but I cannot seem to get the ID Token to refresh.

I saw that someone else raised a similar question (#1339) and it has been closed as solved, but the answer did not help me.

In my settings file under OAUTH2_PROVIDER, I have OIDC_ENABLED set to `True`.

When I go through the authorization flow and grab a token, I do indeed receive an access, a refresh and an ID token:

curl -X POST \
 -H "Cache-Control: no-cache" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 "http://localhost:8000/o/token/" \
 -d "code=${CODE}" \
 -d "client_id=${clientID}" \
 -d "client_secret=${SECRET}" \
 -d "code_verifier=${CODE_VERIFIER}" \
 -d "redirect_uri=http://localhost:8000/noexist/callback" \
 -d "grant_type=authorization_code"

{"access_token": "M11g2zeNCSUCNW8snMLPHWNVv63jez", "expires_in": 3600, "token_type": "Bearer", "scope": "openid profile email", "refresh_token": "tZrhCYncpIyyAiL2SCj2YnrQ6PORiB", "id_token": "eyJ0eXAiOiAiSldUIiwg......."}

But when I attempt the refresh, I receive only a new access token:

curl -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token" \
  -d "refresh_token=tZrhCYncpIyyAiL2SCj2YnrQ6PORiB" \
  -d "client_id=${clientID}" \
  -d "client_secret=${SECRET}" \
  http://localhost:8000/o/token/

{"access_token": "gmtamqoNjiYVh2Gfk4Rz6k2IJ5IMLk", "expires_in": 3600, "token_type": "Bearer", "scope": "openid profile email", "refresh_token": "6ZmaRpQmZ2OfFFsKOJ4i76wLGDJvrX"}

While debugging I added some print statements to ../site-packages/oauth2_provider/views/mixins.py under OAuthLibMixin.get_oauthlib_core and it is printing out the following

SERVER -  <oauthlib.openid.connect.core.endpoints.pre_configured.Server object at 0x10302f6a0>
SERVER REFRESH - <oauthlib.oauth2.rfc6749.grant_types.refresh_token.RefreshTokenGrant object at 0x103054430>

So my server class is using the openid server class, which I presume is correct. But should the server.refresh_grant not be oauthlib.openid.connect.core.grant_types.refresh_token.RefreshTokenGrant?

What am I doing wrong?

Any guidance would be gratefully received.
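A client-side sanity check for the behaviour described in this issue, added here as an example (it is not code from the issue, from django-oauth-toolkit or from oauthlib): it compares a refresh_token response with the original authorization_code response and flags a missing id_token, a non-rotated access token, widened scope, or ID token claims that OIDC Core 12.2 says must not change on refresh. The sample responses are constructed from the two shown above; the id_token values are unsigned placeholders, and the issuer, subject and audience are assumed values.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_jwt(claims: dict) -> str:
    # Placeholder token for the sample data only: alg "none", empty signature.
    header = _b64url(json.dumps({"typ": "JWT", "alg": "none"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def jwt_claims(token: str) -> dict:
    # Payload decode only; signature and alg validation belong to a JWT library.
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_refresh_response(original: dict, refreshed: dict) -> list:
    """List what is wrong with a refresh_token response, compared with the
    authorization_code response it descends from (empty list means OK)."""
    problems = []
    orig_scope = set(original.get("scope", "").split())
    if "openid" in orig_scope and "id_token" not in refreshed:
        problems.append("openid scope but no id_token in refresh response")
    if refreshed.get("access_token") == original.get("access_token"):
        problems.append("access_token was not rotated")
    if set(refreshed.get("scope", "").split()) - orig_scope:
        problems.append("refresh response widened the scope")
    if "id_token" in original and "id_token" in refreshed:
        old, new = jwt_claims(original["id_token"]), jwt_claims(refreshed["id_token"])
        # OIDC Core 12.2: iss, sub, aud, auth_time and azp must be unchanged;
        # iat must reflect the time the new ID token was issued.
        for claim in ("iss", "sub", "aud", "auth_time", "azp"):
            if claim in old and old[claim] != new.get(claim):
                problems.append(f"id_token claim {claim!r} changed on refresh")
        if new.get("iat", 0) <= old.get("iat", 0):
            problems.append("refreshed id_token iat is not newer than the original")
    return problems

# Constructed samples shaped like the two responses in the issue (placeholder tokens,
# assumed issuer/subject/audience values).
ORIGINAL_CLAIMS = {"iss": "http://localhost:8000/o", "sub": "42", "aud": "client-id",
                   "iat": 1700000000, "exp": 1700003600, "auth_time": 1699999990}
ORIGINAL = {"access_token": "M11g2zeNCSUCNW8snMLPHWNVv63jez", "scope": "openid profile email",
            "refresh_token": "tZrhCYncpIyyAiL2SCj2YnrQ6PORiB", "id_token": make_unsigned_jwt(ORIGINAL_CLAIMS)}
REFRESHED_NO_ID = {"access_token": "gmtamqoNjiYVh2Gfk4Rz6k2IJ5IMLk", "scope": "openid profile email",
                   "refresh_token": "6ZmaRpQmZ2OfFFsKOJ4i76wLGDJvrX"}
REFRESHED_OK = dict(REFRESHED_NO_ID, id_token=make_unsigned_jwt(dict(ORIGINAL_CLAIMS, iat=1700001800, exp=1700005400)))
```

Running `check_refresh_response(ORIGINAL, REFRESHED_NO_ID)` reproduces the symptom from the post (no id_token despite the openid scope), while `REFRESHED_OK` shows what a compliant refresh looks like.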

hugochinchilla commented 2 months ago

I got this problem solved by fixing the following dependencies in my poetry.toml:

django-oauth-toolkit = {git = "https://github.com/jazzband/django-oauth-toolkit.git", rev = "25c6304"}
oauthlib = { git = "https://github.com/oauthlib/oauthlib.git", rev = "f9a07c6" }