There is no method implemented here to refresh the access token when refresh_token request made to /login/token/{appName} endpoint when login via SPA application
Affected Product Version:
API Manager 3.0.0
Steps to reproduce:
Use following cURL command to try the senario, change the refresh token segments in Authorization header and Cookies accordingly
Description:
refresh_token
request made to/login/token/{appName}
endpoint when login via SPA applicationAffected Product Version:
Steps to reproduce:
Authorization
header andCookies
accordinglycurl 'https://localhost:9292/login/token/publisher' -H 'Cookie: WSO2_AM_REFRESH_TOKEN_2_Default=di6_29keDfDoeHmBmhqejE' -H 'Origin: https://localhost:9292' -H 'Accept-Encoding: gzip, deflate, br' -H 'x-ijt: o412sf6oh9puhftrfa38vdc1aj' -H 'X-Alt-Referer: null' -H 'Authorization: Bearer GgD3pOCSW20iZEoDYVA2f' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept-Language: en-US,en;q=0.9' -H 'Accept: application/json' -H 'Referer: https://localhost:9292/publisher/apis' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36' -H 'Connection: keep-alive' -H 'DNT: 1' --data 'grant_type=refresh_token&validity_period=-1&scopes=apim%3Aapi_view%20apim%3Aapi_create%20apim%3Aapi_publish%20apim%3Atier_view%20apim%3Atier_manage%20apim%3Asubscription_view%20apim%3Asubscription_block%20apim%3Asubscribe%20apim%3Aexternal_services_discover' --compressed --insecure
Related Issues: