
Refresh token returns invalid grant type

I'm trying to refresh the access token (based on https://docs.wso2.com/display/IS510/Refresh+Token+Grant) obtained from WSO2 Identity Server; the server returns an invalid grant type response:

{
  "error": "invalid_grant",
  "error_description": "Provided Authorization Grant is invalid"
}

The access token is obtained using the "authorization code" grant type with the openid scope.

I've turned on the logging on the server; however, I'm not able to determine the reason for the invalid grant type response. How can I get the WSO2 Identity Server to refresh my access token using the refresh token?

Logs from the server:

TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} - Access Token request received for Client ID CHao3ZYUVY6tRX4jJ82yzh4NVpka, User ID null, Scope : [openid] and Grant Type : refresh_token

TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler} - Can authenticate with client ID and Secret. Client ID: CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09:20:11,241] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler} - Grant type : refresh_token Strict client validation set to : null

TID: [-1234] [] [2016-03-14 09:20:11,242] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Client credentials were fetched from the database.

TID: [-1234] [] [2016-03-14 09:20:11,242] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Successfully authenticated the client with client id : CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09:20:11,243] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} - Client credentials were added to the cache for client id : CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09:20:11,245] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler} - Invalid Refresh Token provided for Client with Client Id : CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09:20:11,245] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - Invalid Grant provided by the client Id: CHao3ZYUVY6tRX4jJ82yzh4NVpka

TID: [-1234] [] [2016-03-14 09:20:11,246] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - OAuth-Error-Code=invalid_grant client-id=CHao3ZYUVY6tRX4jJ82yzh4NVpka grant-type=refresh_token scope=openid

Hank asked Oct 30 '22 07:10


1 Answer

Question is old... Hopefully it can help someone else after this long ;). I had the same issue. However, I resolved it by specifying the exact refresh token. It's worth noting that refresh_token is different from the access token. If you don't have/know your refresh_token, use this curl command to get it.

curl -k -d "grant_type=password&username=<username>&password=<password>" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token

Response will be like this:

{
  "scope": "default",
  "token_type": "Bearer",
  "expires_in": 2604,
  "refresh_token": "7d6e9047d44a84e6bae7e80e3996182d",
  "access_token": "4255a34923eb464b6dc2983acffef4d8"
}

Then use that refresh_token in your renew token curl call. More details on the 1st curl request here. Peace out .V.

LivePwndz answered Nov 14 '22 23:11
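The refresh call the answer describes, as an added example that is not part of the original answer: it takes the token response shown above, pulls out refresh_token rather than access_token, and builds the RFC 6749 section 6 refresh request without sending it, then maps the error body from the question to its likely cause. The function names are hypothetical and the client id and secret are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample: the token response shape shown in the answer above.
SAMPLE_TOKEN_RESPONSE = """{"scope": "default", "token_type": "Bearer",
 "expires_in": 2604, "refresh_token": "7d6e9047d44a84e6bae7e80e3996182d",
 "access_token": "4255a34923eb464b6dc2983acffef4d8"}"""


def build_refresh_request(token_response, token_url, client_id, client_secret):
    """Build (not send) the refresh_token grant request for a token response."""
    tokens = json.loads(token_response)
    refresh_token = tokens.get("refresh_token")
    if not refresh_token:
        raise ValueError("token response carries no refresh_token")
    if refresh_token == tokens.get("access_token"):
        raise ValueError("refresh_token must not be the access_token value")
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if tokens.get("scope"):
        form["scope"] = tokens["scope"]  # optional; cannot exceed the granted scope
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode(form).encode(),
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


def classify_token_error(error_body):
    """Map a token-endpoint error body to the likely client-side cause."""
    err = json.loads(error_body).get("error")
    if err == "invalid_grant":
        return "refresh token wrong, expired, revoked or issued to another client"
    if err == "invalid_client":
        return "client authentication failed"
    return f"unhandled error: {err}"


if __name__ == "__main__":
    req = build_refresh_request(SAMPLE_TOKEN_RESPONSE, "https://localhost:8243/token",
                                "example-client-id", "example-client-secret")
    print(req.get_method(), req.full_url, req.data.decode())
```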