wagnerdelima / drf-social-oauth2

drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.
https://drf-social-oauth2.readthedocs.io/en/latest/
MIT License
270 stars 34 forks

Proper error handling required #117

Closed Chappie74 closed 1 year ago

Chappie74 commented 2 years ago

Describe the bug: An error is thrown when trying to get a new access token using the refresh_token grant of a revoked token.

To Reproduce: Steps to reproduce the behavior:

  1. Authenticate using /auth/token (password grant), get a refresh_token and an access_token
  2. Revoke the access token using auth/revoke-token.
  3. With the refresh token generated in 1., try to get a new access token using /auth/token (refresh_token grant)
  4. This will throw a 500 error, oauth2_provider.models.AccessToken.DoesNotExist: AccessToken matching query does not exist.

Expected behavior: I expect the error to be handled silently and probably return a 400 status code, with the message invalid grant.

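The failure mode reported above, modelled as an added standalone example (not code from drf-social-oauth2 or django-oauth-toolkit): an in-memory store stands in for the AccessToken/RefreshToken tables, and a hypothetical `refresh_handled()` shows the unhandled lookup beside a version that maps a refresh token whose access token was revoked to a 400 invalid_grant response instead of a 500. All function and variable names are assumptions for illustration.

```python
import secrets

class DoesNotExist(Exception):
    """Stand-in for the ORM's AccessToken.DoesNotExist (constructed for this example)."""

ACCESS_TOKENS = {}   # token string -> {"user": ...}
REFRESH_TOKENS = {}  # refresh token string -> {"user": ..., "access_token": ...}

def issue_tokens(user):
    """Password grant: issue a linked access/refresh token pair."""
    access = secrets.token_urlsafe(16)
    refresh = secrets.token_urlsafe(16)
    ACCESS_TOKENS[access] = {"user": user}
    REFRESH_TOKENS[refresh] = {"user": user, "access_token": access}
    return access, refresh

def revoke_access_token(access):
    """auth/revoke-token: the AccessToken row is deleted, but the RefreshToken
    row survives and now points at an access token that no longer exists."""
    ACCESS_TOKENS.pop(access, None)

def _lookup_access_token(token):
    if token not in ACCESS_TOKENS:
        raise DoesNotExist("AccessToken matching query does not exist.")
    return ACCESS_TOKENS[token]

def refresh_unhandled(refresh):
    """Reproduces the bug: the dangling lookup escapes and surfaces as a 500."""
    record = REFRESH_TOKENS[refresh]
    _lookup_access_token(record["access_token"])  # raises DoesNotExist
    return 200, issue_tokens(record["user"])

def refresh_handled(refresh):
    """Expected behaviour: an unknown or dangling refresh token is an
    invalid_grant; a valid one is consumed (single use) and the pair rotated."""
    record = REFRESH_TOKENS.get(refresh)
    if record is None:
        return 400, {"error": "invalid_grant"}
    try:
        _lookup_access_token(record["access_token"])
    except DoesNotExist:
        REFRESH_TOKENS.pop(refresh, None)  # drop the orphaned refresh token too
        return 400, {"error": "invalid_grant"}
    REFRESH_TOKENS.pop(refresh)
    ACCESS_TOKENS.pop(record["access_token"], None)
    access, new_refresh = issue_tokens(record["user"])
    return 200, {"access_token": access, "refresh_token": new_refresh}
```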

wagnerdelima commented 1 year ago

@Chappie74 maybe you could upload your code somewhere and I could replicate from your repo?

Update: I managed to replicate it. Soon I will publish a new release. Meanwhile you can use the master commit in your application and it should be fixed.