[bug] About refreshing token #268

@MrXBear

What I expect:

  1. Get access_token (expires in 2 hours) & refresh_token (expires in 3 hours) by /api/oauth?grant_type=client_credentials
  2. After access_token expires and before refresh_token expires, refresh them by /api/oauth?grant_type=refresh_token
  3. Continue step 2

like this:
[image]

What I configure:

manager.SetClientTokenCfg(&manage.Config{
	AccessTokenExp:    time.Hour * 2,
	RefreshTokenExp:   time.Hour * 3,
	IsGenerateRefresh: true,
})

manager.SetRefreshTokenCfg(&manage.RefreshingConfig{
	AccessTokenExp:     time.Hour * 2,
	RefreshTokenExp:    time.Hour * 3,
	IsGenerateRefresh:  true,
	IsRemoveAccess:     false,
	IsRemoveRefreshing: true,
})

What I got:

The access_token & refresh_token (returned by grant_type=client_credentials, noted as AK_0, RK_0) work well.
AK_0 is valid in the first 2 hours.

When AK_0 expired, I refreshed by grant_type=refresh_token with RK_0 successfully.
(It returned a new access_token & a new refresh_token, noted as AK_1, RK_1.)
AK_1 is also valid at the beginning, but it expired in less than an hour (2 hours were expected according to the config).

And it fails to refresh with RK_2 at that moment.
Error Info:
invalid_grant
"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client"

It seems AK_1 and RK_1 expired at the same time as RK_0 expired.

like this:
(the red dashed line is the deadline of RK_0, AK_1, )
[image]

No matter which token storage I used (memory or file), the problem shows up all the same.

// store.NewMemoryTokenStore()
// store.NewFileTokenStore("token.db")

I have compared the file token.db, which stores the tokens, before & after RK_0 expired.
Result: something like the following was appended to that file when RK_0 expired:

*2
$3
del
$48
MWY2OTMXNZYTNME2YY0ZNZRKLWI5YJGTNTRLOWM3YMI3ZJM4
*2
$3
del
$48
YMMZNGNHNWYTZDHJYS01YMM1LWFKYZMTMZK2MZA0YTQ5ZTU3

Those long random strings are AK_1 & RK_1.
They were indeed deleted at the time when RK_0 expired.

So, is this a bug?
Or did I just make some mistake in my code?
Thanks a lot ~
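
An added example, not part of the original issue or of the project's code: a Go parser for the length-prefixed record layout shown in the token.db excerpt above, listing the keys removed by del records so that the before/after comparison described in the issue can be repeated. The function names, the sample keys and the set record are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed input: placeholder keys; the "set" record type is an assumption.
const sample = "*2\n$3\ndel\n$16\nAK_1-constructed\n" +
	"*3\n$3\nset\n$16\nAK_2-constructed\n$2\n{}\n" +
	"*2\n$3\ndel\n$16\nRK_1-constructed\n"

// next cuts one header line ("*2" or "$48") off s and returns its count.
func next(s, prefix string) (n int, rest string, err error) {
	line, rest, _ := strings.Cut(s, "\n")
	line = strings.TrimSuffix(line, "\r")
	n, err = strconv.Atoi(strings.TrimPrefix(line, prefix))
	if err != nil || n < 0 || n > len(rest) || !strings.HasPrefix(line, prefix) {
		return 0, "", fmt.Errorf("bad or truncated %q record: %q", prefix, line)
	}
	return n, rest, nil
}

// DeletedKeys (hypothetical helper) returns the key of every "del" record.
func DeletedKeys(log string) (keys []string, err error) {
	for s := log; strings.TrimSpace(s) != ""; {
		var n, size int
		if n, s, err = next(s, "*"); err != nil {
			return nil, err
		}
		args := make([]string, n)
		for i := range args {
			if size, s, err = next(s, "$"); err != nil {
				return nil, err
			}
			args[i] = s[:size] // exactly the declared number of bytes
			s = strings.TrimPrefix(strings.TrimPrefix(s[size:], "\r"), "\n")
		}
		if n == 2 && args[0] == "del" {
			keys = append(keys, args[1])
		}
	}
	return keys, nil
}

func main() {
	fmt.Println(DeletedKeys(sample))
}
```

Feeding it only the bytes appended to token.db between two snapshots yields the keys the store removed in that interval.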
