Refresh Token Inaccessible #497
Comments
The refreshToken is only provided by creating a token. If the user wishes to create another, they need to log in again to create one. https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/ covers the background for the token and since it's only used to renew a previously issued token, retrieving it wouldn't make sense.
Thanks for considering the question, but please let me describe this a different way. I do not believe you can use refreshTokens out of the box with this plugin. IIRC because the authenticating client has no way to get the first refreshToken. I have got it working in my software with the plugin but I have had to change a chunk of code (modifying the existing classes in the plugin) to make it work. This plugin is great for a lot of auth things, but it's not quite yet fit for purpose for OAuth2 in my opinion.
Issuing a POST request to '/oauth/access_token' with: the refresh_token from the login and a grant_type of refresh_token will reissue a new JWT token. An example request would be:
Can you elaborate why this does not work for you?
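The refresh request described in the comment above, sketched from the client side as an added example; it is not part of the original thread or the plugin's code. The function names, the base URL, and the response field names (`access_token`, `refresh_token`, `expires_in`) are assumptions.

```javascript
// Added illustration; function names and the base URL are hypothetical.

// Build the POST from the thread: form-encoded grant_type plus refresh_token.
function buildRefreshRequest(baseUrl, refreshToken) {
  if (typeof refreshToken !== 'string' || refreshToken.length === 0) {
    // Without a stored refresh token the only option is a fresh login.
    throw new Error('no refresh token available; user must log in again');
  }
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken, // URLSearchParams percent-encodes '+', '/', '='
  });
  return {
    url: new URL('/oauth/access_token', baseUrl).toString(),
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Validate the JSON reply. Field names are assumed, not taken from the page.
function parseTokenResponse(status, json, previousRefreshToken) {
  if (status !== 200) {
    return { ok: false, reason: `refresh rejected with HTTP ${status}` };
  }
  if (!json || typeof json.access_token !== 'string') {
    return { ok: false, reason: 'response carries no access_token' };
  }
  return {
    ok: true,
    accessToken: json.access_token,
    // Keep the old refresh token when the server does not send a new one.
    refreshToken: json.refresh_token || previousRefreshToken,
    expiresAt: typeof json.expires_in === 'number'
      ? Date.now() + json.expires_in * 1000 : null,
  };
}

// Compose both steps; fetchImpl is injectable so the flow can be stubbed.
async function refreshAccessToken(baseUrl, refreshToken, fetchImpl = fetch) {
  const { url, init } = buildRefreshRequest(baseUrl, refreshToken);
  const res = await fetchImpl(url, init);
  const json = await res.json().catch(() => null);
  return parseTokenResponse(res.status, json, refreshToken);
}
```
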
From what I remember, when you get the access token in the first place it does not contain the refresh token which you need to issue the above request. How is the authenticating client (i.e. angular web app) supposed to get hold of the refresh token? The grails oauth service only exposes the accesstoken string - see grails.plugin.springsecurity.rest.RestOauthService.groovy line 107
This is probably not the best code as it was written under tight time constraints, but it's what I ended up with to get refresh tokens working (I ended up supplying the refresh token as a chunked cookie because of its size)

```groovy
import org.springframework.web.util.UriComponentsBuilder
import groovy.util.logging.Slf4j
import org.pac4j.oidc.profile.OidcProfile
import org.pac4j.core.context.WebContext
import javax.servlet.http.Cookie
import grails.plugin.springsecurity.SpringSecurityService
import org.springframework.security.core.context.SecurityContextHolder
import java.nio.charset.StandardCharsets
import javax.servlet.http.HttpServletRequest
import com.k_int.ciim.mgmt.auth.HttpServletRequestDebug // for auth override

@Slf4j
}
```
I'm going to reopen this for further investigation.
I'm using this plugin to authenticate using JWT and OAuth2 (via Keycloak).
There is an accessToken api call provided in the RestOauthController where a valid refreshToken can be provided to request/generate a fresh accessToken. But how is one supposed to retrieve/surface the refreshToken initially generated for the first AccessToken? I can't find any documentation on this, and looking at the source code it doesn't seem possible?
Pointers greatly appreciated