问题
I'm having a trouble in requesting a refresh token, it keep returning an Unauthorized 401 error. I don't know if I'm lacking a parameters that I passed when I did a request.
I added the doorkeeper configuration for refresh token.
use_refresh_token
Here's the request details:
{{root_url}}/oauth/token
{"refresh_token"=>"034a74c085219fb8297fd8ef9b59f080918f"
"format"=>:json,
"controller"=>"/oauth/tokens",
"action"=>"create",
"grant_type"=>"refresh_token",
"client_id"=>"<client_id>",
"client_secret"=> "<client_secret>"}
Error descriptions:
{:error=>:invalid_grant,
:error_description=>
"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
Btw, all of my api request authentication is not failing just this refresh token. I wonder what I'm missing in the request parameters.
回答1:
Do not pass the client_id and client_secret.
The required parameters for the refresh token are:
- grant_type
- refresh_token
Optional parameter:
- scope.
See the Refresh Token section of rfc6749: The OAuth 2.0 Authorization Framework
来源:https://stackoverflow.com/questions/39689168/401-unauthorized-invalid-grant-when-requesting-refresh-token-in-doorkeeper