
oauth2.0 invalid request when trying to use refresh token

Used google oauth2 playground: https://developers.google.com/oauthplayground/ Followed: https://developers.google.com/accounts/docs/OAuth2WebServer#offline

Anyone know why I am getting invalid request?

POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-length: 209
Content-type: application/x-www-form-urlencoded
Authorization: OAuth ya29.XXXXXXXX

client_id=XXXXXXXXX&
client_secret=XXXXXXXXX&
refresh_token=1/0ffkj5lggn8XXXXXXXXX&
grant_type=refresh_token

HTTP/1.1 400 Bad Request
Content-length: 33
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
X-google-cache-control: remote-fetch
-content-encoding: gzip
Server: GSE
Reason: Bad Request
Via: HTTP/1.1 GWA
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Thu, 11 Oct 2012 21:29:55 GMT
X-frame-options: SAMEORIGIN
Content-type: application/json
Expires: Fri, 01 Jan 1990 00:00:00 GMT

{
  "error" : "invalid_request"
}
user1739509 asked Oct 11 '12 21:10



1 Answer

If you're getting a 400, it is because you are adding an invalid parameter or missing one.

edit:

I believe from the given data there is an extra header, Authorization. This is used in OAuth2 only when the access_token is passed in the header, to make authenticated calls

Authorization : Bearer XXXXXXXXXXXXXXXX

while refreshing access_token there is no need to provide the same in header.

https://developers.google.com/accounts/docs/OAuth2InstalledApp#refresh

Stance answered Sep 30 '22 19:09
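An added example, not part of the original question or answer: a small linter that checks a raw refresh-token request against the causes RFC 6749 (section 5.2) lists for `invalid_request`, including the stray access-token `Authorization` header the answer points to. The function name `lint_refresh_request` and the sample request (modelled on the question, with placeholder values) are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample modelled on the request in the question (placeholder values).
SAMPLE_REQUEST = (
    "POST /o/oauth2/token HTTP/1.1\r\n"
    "Host: accounts.google.com\r\n"
    "Content-type: application/x-www-form-urlencoded\r\n"
    "Authorization: OAuth ya29.PLACEHOLDER\r\n"
    "\r\n"
    "client_id=CLIENT_ID&client_secret=CLIENT_SECRET&"
    "refresh_token=REFRESH_TOKEN&grant_type=refresh_token"
)

def lint_refresh_request(raw):
    """Return reasons a token endpoint could answer invalid_request (hypothetical helper)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Tolerate display line breaks inside the body, as in the pasted request.
    pairs = parse_qsl(body.replace("\r", "").replace("\n", ""), keep_blank_values=True)
    names = [k for k, _ in pairs]
    params = dict(pairs)
    problems = []
    if not headers.get("content-type", "").lower().startswith("application/x-www-form-urlencoded"):
        problems.append("body is not form-encoded")
    for required in ("grant_type", "refresh_token"):
        if not params.get(required):
            problems.append("missing parameter: " + required)
    for name in sorted(set(names)):
        if names.count(name) > 1:
            problems.append("repeated parameter: " + name)
    scheme = headers.get("authorization", "").split(" ", 1)[0].lower()
    if scheme == "basic" and "client_secret" in params:
        problems.append("two client authentication methods (Basic header and body)")
    elif scheme and scheme != "basic":
        # Access tokens belong on resource requests, not on the token endpoint.
        problems.append("access token sent in Authorization header (" + scheme + ")")
    return problems
```

Run against the sample, it flags only the `Authorization: OAuth ...` header; with that header removed the same request passes the checks.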