logto-io / dart

Logto Flutter SDKs.
MIT License
18 stars 10 forks

bug: invalid_grant when refreshing token #66

Open Anotherjez opened 3 weeks ago

Anotherjez commented 3 weeks ago

Describe the bug

The error occurs when a user's token expires and he tries to fetch the access token with the refresh token to get user data with the .getUserInfo() function. This error only occurs with previously authenticated users, and we are only using the Discord social connector for sign-in and sign-up. It seems that the error occurs with Discord users who have 2FA.

This error may be related to this bug.

Expected behavior

.getUserInfo() working without errors.

How to reproduce?

  1. Sign in with a Discord account (with 2FA)
  2. Wait for the token to expire
  3. Open the app again and try to get logtoClient.isAuthenticated
  4. Try to get logtoClient.getUserInfo() without errors

Context

Screenshots (image attached to the original issue, not reproduced here)

simeng-li commented 1 week ago

@Anotherjez what SDK version were you using? Is this the same issue you reported earlier?

65 shouldn't affect it, as the SDK will always request a new access token using the refresh token if no valid token is found in storage.

simeng-li commented 1 week ago

The invalid_grant error is triggered by the token exchange endpoint (fetchTokenByRefreshToken). Based on the logs you provided, it’s likely that your refresh_token has expired. You’ll need to handle this error manually by clearing the native storage and redirecting the user to the sign-in page.

By default, the refresh_token has a TTL of 14 days, but you can modify this setting on your App details page.
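The recovery path described above (treat invalid_grant from the refresh as a dead session, clear the native storage, send the user back to sign-in), as an added example that is not the SDK's own code or from this thread. It assumes a LogtoClient exposing isAuthenticated, getUserInfo(), signOut() and signIn(redirectUri), and that a rejected refresh surfaces as an exception whose message contains the token endpoint's error code.

```dart
// Added example, not from logto_dart_sdk or the issue thread.
// Assumed API surface: LogtoClient.isAuthenticated, getUserInfo(),
// signOut(), signIn(redirectUri).
import 'package:logto_dart_sdk/logto_dart_sdk.dart';

/// Assumption: the SDK surfaces the token endpoint's error code
/// ("invalid_grant") in the exception text when fetchTokenByRefreshToken fails.
bool isInvalidGrant(Object error) => error.toString().contains('invalid_grant');

/// Loads the user profile. If the stored refresh_token is rejected (expired
/// or revoked), wipe the local session instead of retrying with a token the
/// server will never accept again, then start a fresh sign-in.
/// Returns null when a new sign-in was started.
Future<dynamic> loadUserOrReauth(LogtoClient logtoClient, String redirectUri) async {
  if (!await logtoClient.isAuthenticated) {
    await logtoClient.signIn(redirectUri);
    return null;
  }
  try {
    // Triggers the refresh-token exchange if no valid access token is cached.
    return await logtoClient.getUserInfo();
  } catch (e) {
    // Transient failures (network, server 5xx) are not session loss: surface them.
    if (!isInvalidGrant(e)) rethrow;
    // invalid_grant: the refresh token is dead. Clear native storage so
    // isAuthenticated stops reporting true on stale tokens, then re-authenticate.
    await logtoClient.signOut();
    await logtoClient.signIn(redirectUri);
    return null;
  }
}
```

Checking the audit log for the exact reason attached to the invalid_grant (expired versus revoked or reused refresh token) is still worthwhile before changing the TTL, since a daily forced sign-in with a 14-day TTL points at rejection rather than expiry.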

Anotherjez commented 1 week ago

@Anotherjez what SDK version were you using? Is this the same issue you reported earlier?

Not the same issue, using logto_dart_sdk 2.0.2.

65 shouldn't affect it, as the SDK will always request a new access token using the refresh token if no valid token is found in storage.

But I always get the error when the sdk requests the new access token.

Based on the logs you provided, it’s likely that your refresh_token has expired.

I don't think so. The refresh token should not expire daily. All my users had to sign in again everyday.

By default, the refresh_token has a TTL of 14 days, but you can modify this setting on your App details page.

Yes, in my settings it is set to 14 days.

simeng-li commented 1 week ago

I have set the access_token TTL to 1 min, so I can test the token exchange flow easily. Still can't reproduce this issue.

Can you share the token exchange request audit logs? You may find more invalid_grant error details in the audit logs.
