markgravity / flutter-survey


[77] [Fix] Token doesnt refresh after expires #80

Closed markgravity closed 3 years ago

markgravity commented 3 years ago

https://github.com/markgravity/flutter-survey/issues/77

What happened

After the token expires, the app neither refreshes it nor redirects to the Login screen.

Insight

Proof Of Work

Log in -> modify the token and the refresh token (creating invalid tokens) -> receive 401 when requesting /me -> attempt to refresh the token -> receive 403 -> redirect to Login

flutter: *** Request ***
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/oauth/token
flutter: method: POST
flutter: responseType: ResponseType.json
flutter: followRedirects: true
flutter: connectTimeout: 0
flutter: sendTimeout: 0
flutter: receiveTimeout: 0
flutter: receiveDataWhenStatusError: true
flutter: extra: {}
flutter: headers:
flutter:  content-type: application/json; charset=utf-8
flutter: data:
flutter: {email: dev@nimblehq.co, password: 12345678, client_id: z9iUamZLvRgtVVtRJ8UqItg2vmncGyEi30p1eWEddnA, client_secret: 1vqRNMxq-Yx83A61GNjLb17qxCGKxHDb8EmB3MKdxqA, grant_type: password}
flutter:
flutter: *** Response ***
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/oauth/token
flutter: statusCode: 200
flutter: headers:
flutter:  connection: keep-alive
flutter:  cache-control: private, no-store
flutter:  transfer-encoding: chunked
flutter:  date: Thu, 27 May 2021 02:55:27 GMT
flutter:  content-encoding: gzip
flutter:  vary: Accept-Encoding, Origin
flutter:  strict-transport-security: max-age=31536000; includeSubDomains
flutter:  referrer-policy: strict-origin-when-cross-origin
flutter:  x-permitted-cross-domain-policies: none
flutter:  pragma: no-cache
flutter:  content-type: application/json; charset=utf-8
flutter:  x-xss-protection: 1; mode=block
flutter:  server: Cowboy
flutter:  x-request-id: 1d5f4f34-1c81-4e8a-b66f-276a549bd19a
flutter:  x-download-options: noopen
flutter:  x-runtime: 0.346076
flutter:  etag: W/"d7f67518a5d63f83d8d61fec9d2cb5ad"
flutter:  via: 1.1 vegur
flutter:  x-frame-options: SAMEORIGIN
flutter:  x-content-type-options: nosniff
flutter: Response Text:
flutter: {"data":{"id":2242,"type":"token","attributes":{"access_token":"496ACdMVaUiKSC3HPkgWwl4JF8_vIPVDx3L0hVx-aH4","token_type":"Bearer","expires_in":7200,"refresh_token":"ElPok6nQR2xca6Ol3CEe8vlredFg6TszIBSQU5Jy3Pg","created_at":1622084128}}}
flutter:
flutter: *** Request ***
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/me
flutter: method: GET
flutter: responseType: ResponseType.json
flutter: followRedirects: true
flutter: connectTimeout: 0
flutter: sendTimeout: 0
flutter: receiveTimeout: 0
flutter: receiveDataWhenStatusError: true
flutter: extra: {}
flutter: headers:
flutter:  authorization: Bearer 496ACdMVaUiKSC3HPkgWwl4JF8_vIPVDx3L0hVx-aH4
flutter: data:
flutter: null
flutter:
flutter: *** Response ***
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/me
flutter: statusCode: 200
flutter: headers:
flutter:  connection: keep-alive
flutter:  cache-control: max-age=0, private, must-revalidate
flutter:  transfer-encoding: chunked
flutter:  date: Thu, 27 May 2021 02:55:28 GMT
flutter:  vary: Accept-Encoding, Origin
flutter:  content-encoding: gzip
flutter:  strict-transport-security: max-age=31536000; includeSubDomains
flutter:  referrer-policy: strict-origin-when-cross-origin
flutter:  x-permitted-cross-domain-policies: none
flutter:  content-type: application/json; charset=utf-8
flutter:  x-xss-protection: 1; mode=block
flutter:  server: Cowboy
flutter:  x-request-id: c65ef54a-8941-45c1-9280-0793de8eda07
flutter:  x-download-options: noopen
flutter:  x-runtime: 0.014001
flutter:  etag: W/"0c539349dfe1298c71f199630e0d75cf"
flutter:  via: 1.1 vegur
flutter:  x-frame-options: SAMEORIGIN
flutter:  x-content-type-options: nosniff
flutter: Response Text:
flutter: {"data":{"id":"2","type":"user","attributes":{"email":"dev@nimblehq.co","avatar_url":"https://api.adorable.io/avatar/dev@nimblehq.co"}}}
flutter:
flutter: *** Request ***
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/me
flutter: method: GET
flutter: responseType: ResponseType.json
flutter: followRedirects: true
flutter: connectTimeout: 0
flutter: sendTimeout: 0
flutter: receiveTimeout: 0
flutter: receiveDataWhenStatusError: true
flutter: extra: {}
flutter: headers:
flutter:  authorization: Bearer s
flutter: data:
flutter: null
flutter:
flutter: *** DioError ***:
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/me
flutter: DioError [DioErrorType.response]: Http status error [401]
#0      DioMixin.assureDioError (package:dio/src/dio_mixin.dart:819:20)
#1      DioMixin._dispatchRequest (package:dio/src/dio_mixin.dart:678:13)
<asynchronous suspension>
#2      DioMixin.fetch.<anonymous closure>.<anonymous closure> (package:dio/src/dio_mixin.dart)
<asynchronous suspension>
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/me
flutter: statusCode: 401
flutter: headers:
flutter:  connection: keep-alive
flutter:  cache-control: private, no-store
flutter:  transfer-encoding: chunked
flutter:  date: Thu, 27 May 2021 02:55:32 GMT
flutter:  content-encoding: gzip
flutter:  vary: Accept-Encoding, Origin
flutter:  strict-transport-security: max-age=31536000; includeSubDomains
flutter:  referrer-policy: strict-origin-when-cross-origin
flutter:  x-permitted-cross-domain-policies: none
flutter:  pragma: no-cache
flutter:  content-type: application/json; charset=utf-8
flutter:  x-xss-protection: 1; mode=block
flutter:  www-authenticate: Bearer realm="Doorkeeper", error="invalid_token", error_description="The access token is invalid"
flutter:  server: Cowboy
flutter:  x-request-id: 633e94a0-3517-490c-9425-3641c231c3a0
flutter:  x-download-options: noopen
flutter:  x-runtime: 0.027839
flutter:  via: 1.1 vegur
flutter:  x-frame-options: SAMEORIGIN
flutter:  x-content-type-options: nosniff
flutter: Response Text:
flutter: {"errors":[{"source":"unauthorized","detail":"The access token is invalid","code":"invalid_token"}]}
flutter:
flutter:
flutter: *** Request ***
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/oauth/token
flutter: method: POST
flutter: responseType: ResponseType.json
flutter: followRedirects: true
flutter: connectTimeout: 0
flutter: sendTimeout: 0
flutter: receiveTimeout: 0
flutter: receiveDataWhenStatusError: true
flutter: extra: {}
flutter: headers:
flutter:  authorization: Bearer s
flutter:  content-type: application/json; charset=utf-8
flutter: data:
flutter: {refresh_token: s, client_id: z9iUamZLvRgtVVtRJ8UqItg2vmncGyEi30p1eWEddnA, client_secret: 1vqRNMxq-Yx83A61GNjLb17qxCGKxHDb8EmB3MKdxqA, grant_type: refresh_token}
flutter:
flutter: *** DioError ***:
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/oauth/token
flutter: DioError [DioErrorType.response]: Http status error [400]
#0      DioMixin.assureDioError (package:dio/src/dio_mixin.dart:819:20)
#1      DioMixin._dispatchRequest (package:dio/src/dio_mixin.dart:678:13)
<asynchronous suspension>
#2      DioMixin.fetch.<anonymous closure>.<anonymous closure> (package:dio/src/dio_mixin.dart)
<asynchronous suspension>
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/oauth/token
flutter: statusCode: 400
flutter: headers:
flutter:  connection: keep-alive
flutter:  cache-control: private, no-store
flutter:  transfer-encoding: chunked
flutter:  date: Thu, 27 May 2021 02:55:34 GMT
flutter:  content-encoding: gzip
flutter:  vary: Accept-Encoding, Origin
flutter:  strict-transport-security: max-age=31536000; includeSubDomains
flutter:  referrer-policy: strict-origin-when-cross-origin
flutter:  x-permitted-cross-domain-policies: none
flutter:  pragma: no-cache
flutter:  content-type: application/json; charset=utf-8
flutter:  x-xss-protection: 1; mode=block
flutter:  www-authenticate: Bearer realm="Doorkeeper", error="invalid_grant", error_description="The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
flutter:  server: Cowboy
flutter:  x-request-id: a849276c-cee5-43e8-aaaf-bbe153854b9a
flutter:  x-download-options: noopen
flutter:  x-runtime: 0.029976
flutter:  via: 1.1 vegur
flutter:  x-frame-options: SAMEORIGIN
flutter:  x-content-type-options: nosniff
flutter: Response Text:
flutter: {"errors":[{"source":"Doorkeeper::OAuth::Error","detail":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.","code":"invalid_grant"}]}
flutter:
flutter:
flutter: *** Request ***
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/oauth/revoke
flutter: method: POST
flutter: responseType: ResponseType.json
flutter: followRedirects: true
flutter: connectTimeout: 0
flutter: sendTimeout: 0
flutter: receiveTimeout: 0
flutter: receiveDataWhenStatusError: true
flutter: extra: {}
flutter: headers:
flutter:  authorization: Bearer s
flutter:  content-type: application/json; charset=utf-8
flutter: data:
flutter: null
flutter:
flutter: *** DioError ***:
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/oauth/revoke
flutter: DioError [DioErrorType.response]: Http status error [403]
#0      DioMixin.assureDioError (package:dio/src/dio_mixin.dart:819:20)
#1      DioMixin._dispatchRequest (package:dio/src/dio_mixin.dart:678:13)
<asynchronous suspension>
#2      DioMixin.fetch.<anonymous closure>.<anonymous closure> (package:dio/src/dio_mixin.dart)
<asynchronous suspension>
flutter: uri: https://nimble-survey-web-staging.herokuapp.com/api/v1/oauth/revoke
flutter: statusCode: 403
flutter: headers:
flutter:  connection: keep-alive
flutter:  cache-control: no-cache
flutter:  transfer-encoding: chunked
flutter:  date: Thu, 27 May 2021 02:55:36 GMT
flutter:  vary: Accept-Encoding, Origin
flutter:  content-encoding: gzip
flutter:  strict-transport-security: max-age=31536000; includeSubDomains
flutter:  referrer-policy: strict-origin-when-cross-origin
flutter:  x-permitted-cross-domain-policies: none
flutter:  content-type: application/json; charset=utf-8
flutter:  x-xss-protection: 1; mode=block
flutter:  server: Cowboy
flutter:  x-request-id: f745de0c-9d77-45b7-9cde-46824137cb2e
flutter:  x-download-options: noopen
flutter:  x-runtime: 0.005510
flutter:  via: 1.1 vegur
flutter:  x-frame-options: SAMEORIGIN
flutter:  x-content-type-options: nosniff
flutter: Response Text:
flutter: {"errors":[{"detail":"You are not authorized to revoke this token","code":"unauthorized_client"}]}
flutter:
flutter:

https://user-images.githubusercontent.com/17875522/119759378-5a295580-bed2-11eb-8b07-ccc87521bc80.mp4