This repository was archived by the owner on Dec 13, 2018. It is now read-only.

Problem with refresh_token request #216

@passatgt


I guess this is Okta related (but to be honest, I'm not sure if this worked before or not).

My server runs on a different domain using express-stormpath 4.0.0. My config there looks like this:

    app.use(stormpath.init(app, {
      web: {
        produces: ['application/json'],
        oauth2: {
          password: {
            validationStrategy: 'local'
          }
        },
        refreshTokenCookie: {
          maxAge: 60000
        }
      }
    }));

Login and logout work fine. Since Okta limits the access token lifespan to max 1 day, my users keep getting logged out because the refresh token function does not work properly. The login makes a request to oauth/token on my server, and does return a refresh token, which is stored in localStorage with the stormpath:token key.

    {
        "access_token": "asddsa",
        "token_type": "Bearer",
        "expires_in": 600,
        "scope": "offline_access openid",
        "refresh_token": "asddsa",
        "id_token": "asddsa"
    }

After the access token expires and I refresh the Angular app, I only see a blank screen without any errors on my console. I did some digging and the problem is somewhere in the refresh-token function:

    StormpathOAuth.prototype.refresh = function(requestData, extraHeaders) {

      var self = this;

      if (self.refreshPromise) {
        return self.refreshPromise;
      }

      return self.refreshPromise = StormpathOAuthToken.getRefreshToken().then(function(refreshToken) {
        var data = angular.extend({
          grant_type: 'refresh_token',
          refresh_token: refreshToken
        }, requestData);

        var headers = angular.extend({
          Accept: 'application/json'
        }, extraHeaders);

        return $http($spFormEncoder.formPost({
          url: STORMPATH_CONFIG.getUrl('OAUTH_AUTHENTICATION_ENDPOINT'),
          method: 'POST',
          headers: headers,
          data: data
        })).then(function(response) {
          StormpathOAuthToken.setTokenResponse(response.data);
          return response;
        }).catch(function(response){
          StormpathOAuthToken.removeToken();
          return response;
        }).finally(function (){
          self.refreshPromise = null;
        });
      });
    };

I did some console.log and I can see that the data variable is correct: it includes the proper refresh token and grant type. However, none of the callbacks run after the $http call; in fact, it doesn't even start calling it, as I don't see it in my server log. The URL is also good; I tried manually calling it with the logged data and it works OK, my server returns a new access token. Any ideas?

It's fine if the user needs to sign in again if the access token expired, but I just got a blank page instead of a login form. I have to manually delete the stormpath:token localStorage key; only after this does the login form show up again.
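One way to make a refresh that never settles end at the login form instead of a blank page, written as an added example that is not part of the original issue or of the Stormpath SDK. The names `createRefresher`, `tokenStore`, `requestToken` and `memoryStore` are hypothetical, and the 10-second default timeout is an assumption.

```javascript
// Added example, framework-free. It does not diagnose the issue above; it
// shows a refresh wrapper that cannot hang and never hides a failure.
function createRefresher({ tokenStore, requestToken, timeoutMs = 10000 }) {
  let inFlight = null; // single-flight: concurrent callers share one refresh

  // Reject if the wrapped promise has not settled within ms milliseconds.
  function withTimeout(promise, ms) {
    let timer;
    const timeout = new Promise((_, reject) => {
      timer = setTimeout(() => reject(new Error('refresh timed out')), ms);
    });
    return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
  }

  return function refresh() {
    if (inFlight) return inFlight;
    const stored = tokenStore.get();
    if (!stored || !stored.refresh_token) {
      return Promise.reject(new Error('no refresh token stored'));
    }
    inFlight = withTimeout(
      Promise.resolve().then(() => requestToken({
        grant_type: 'refresh_token',
        refresh_token: stored.refresh_token
      })),
      timeoutMs
    ).then((tokenResponse) => {
      if (!tokenResponse || !tokenResponse.access_token) {
        throw new Error('token endpoint returned no access_token');
      }
      tokenStore.set(tokenResponse);
      return tokenResponse;
    }).catch((err) => {
      tokenStore.remove(); // drop the stale entry so the app can show login
      throw err;           // re-throw: callers must see the failure
    }).finally(() => { inFlight = null; });
    return inFlight;
  };
}

// In-memory stand-in for the stormpath:token localStorage entry.
function memoryStore(initial) {
  let value = initial;
  return {
    get: () => value,
    set: (v) => { value = v; },
    remove: () => { value = null; }
  };
}
```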
