Reginald Jackson Posted January 2 Posted January 2 For context, I'm using c# in a Blazor web app. I have working code to get an initial authorisation code, and also to exchange that code for refresh and access tokens. I'm storing those tokens in a sql database, along with their expiration details. When I detect that an Access Token has expired, I invoke a function to get a new pair of tokens, but it fails with a Bad Request message. I have checked that I'm storing the tokens correctly. Here's the code. Can you see anything obvious I am getting wrong? var request = new HttpRequestMessage(HttpMethod.Post, TbiConstants.gblsageonetokenendpoint); request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded")); var content = new FormUrlEncodedContent(new[] { new KeyValuePair<string, string>("client_id", TbiConstants.gblsageoneclientid), new KeyValuePair<string, string>("client_secret", TbiConstants.gblsageoneclientsecret), new KeyValuePair<string, string>("grant_type", "refresh_token"), new KeyValuePair<string, string>("refresh_token", _tenant.TEN_SageOne_RefreshToken) }); request.Content = content; var response = await client.SendAsync(request); Kind Regards Reg
Steel, Mark Posted January 3 Posted January 3 Hi Reg, Thank you for your post. The token is invalid for one of three reasons: 1 - It has expired 2 - The user has revoked access 3 - The refresh token has been used before In the majority of cases, it is generally reason three that is the cause, especially with apps using async calls to refresh the token. The scenario would usually be: The connected app sends a request to exchange the current request token for a new set of tokens in an async call, during the exchange another request from the user is made, you detect that the current access token is expired and then send a second request to exchange the refresh token that is still being processed in the original request. Are you locking the sql table where the refresh_token is stored after obtaining it? Thanks Mark
Reginald Jackson Posted January 3 Author Posted January 3 Good Morning Mark, thanks for responding so quickly... The Refresh token's expiry date/time is 2025-02-02 19:17:09.4006148, so we can rule out option 1. I'm the sole user currently as I'm in development, so option 2 can be ruled out. I am locking the table where the tokens are stored. I've just set up a test routine so that I can do a token refresh in isolation from any other code, and it is working, so it's something in my code, hopefully along the lines you have pointed out, so thanks for the assistance. Cheers Reg
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now