OAuth2RestTemplate failing to obtain access token after expired refresh token

    Scenario:
    1. Client code obtains access token and refresh token via OAuth2RestTemplate. (grant type is "resource owner password credentials" in case it matters).
    2. Client goes idle with respect to resource server calls.
    3. Access token expires.
    4. Refresh token also expires.
    5. Client (via OAuth2RestTemplate) attempts to invoke resource server and is unable to do so.

    The stack trace below occurs when a JavaScript client calls the servlet that is responsible for returning an access token so that the JavaScript can talk to the resource server. The servlet just invokes OAuth2RestTemplate.getAccessToken. Typically this works fine. I assume when the refresh token is expired the OAuth2RestTemplate should obtain a new one (just like it did originally). As you can see from the stack trace, the authorization server is returning an InvalidGrantException indicating that the refresh token is expired. Thoughts?

    Code:
    Servlet.service() for servlet [springMVC] in context with path [/mobile] threw exception [Request processing failed; nested exception is error="access_denied", error_description="Access token denied."] with root cause
    org.springframework.security.oauth2.common.exceptions.InvalidGrantException: requested refresh token is expired
    	at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson1Deserializer.deserialize(OAuth2ExceptionJackson1Deserializer.java:80) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
    	at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson1Deserializer.deserialize(OAuth2ExceptionJackson1Deserializer.java:31) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
    	at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2725) [jackson-mapper-asl-1.9.3.jar:1.9.3]
    	at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1916) [jackson-mapper-asl-1.9.3.jar:1.9.3]
    	at org.springframework.http.converter.json.MappingJacksonHttpMessageConverter.readInternal(MappingJacksonHttpMessageConverter.java:124) [org.springframework.web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    	at org.springframework.http.converter.AbstractHttpMessageConverter.read(AbstractHttpMessageConverter.java:153) [org.springframework.web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    	at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport$AccessTokenErrorHandler.handleError(OAuth2AccessTokenSupport.java:200) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
    	at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:486) [org.springframework.web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:443) [org.springframework.web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:409) [org.springframework.web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    	at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:102) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
    	at org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider.refreshAccessToken(ResourceOwnerPasswordAccessTokenProvider.java:40) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
    	at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.refreshAccessToken(AccessTokenProviderChain.java:162) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
    	at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:106) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
    	at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:216) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
    	at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:168) [spring-security-oauth2-1.0.2.RELEASE.jar:na]
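
One caller-side way to handle the scenario in the post above, shown as an added example that is not from the original post or from Spring Security OAuth: when the refresh grant is rejected, discard the stale token pair and run the original grant once more. The class name `ExpiredRefreshTokenFallback` is hypothetical, and the sketch assumes the template's resource details still hold the password-grant credentials and that the version in use exposes `getOAuth2ClientContext()` and `AccessTokenRequest.setExistingToken()`.

```java
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;

/** Hypothetical helper (added example); not part of Spring Security OAuth. */
public final class ExpiredRefreshTokenFallback {

    private ExpiredRefreshTokenFallback() {
    }

    /**
     * Returns an access token, re-running the original grant once if the
     * authorization server rejects the refresh grant.
     */
    public static OAuth2AccessToken getAccessToken(OAuth2RestTemplate restTemplate) {
        try {
            return restTemplate.getAccessToken();
        } catch (OAuth2Exception e) {
            if (!causedByInvalidGrant(e)) {
                throw e; // a different denial: do not mask it with a retry
            }
            // Forget the expired access token and the expired refresh token it
            // carries, in the context and in the pending token request, so the
            // next call cannot attempt another refresh with them.
            OAuth2ClientContext context = restTemplate.getOAuth2ClientContext();
            context.setAccessToken(null);
            context.getAccessTokenRequest().setExistingToken(null);
            // Exactly one retry. If the original grant is also rejected
            // (for example, the password changed), the failure propagates.
            return restTemplate.getAccessToken();
        }
    }

    /** True when an InvalidGrantException appears anywhere in the cause chain. */
    private static boolean causedByInvalidGrant(Throwable error) {
        for (Throwable t = error; t != null; t = t.getCause()) {
            if (t instanceof InvalidGrantException) {
                return true;
            }
        }
        return false;
    }
}
```

The retry is limited to one attempt and only to `InvalidGrantException`, so a revoked client or a locked account still surfaces as an error instead of looping against the token endpoint.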