How to find what is causing "Invalid Refresh Token" on Identity Server

I hope someone can help me here.

We use Identity Server 4 to manage the client authentications. We have some recent issues where clients are facing the following error:

Refresh token validation failed. aborting, {
"ClientId": "3xx",
"ClientName": "xx",
"GrantType": "refresh_token",
"Raw": {
"client_id": "xx",
"grant_type": "refresh_token",
"refresh_token": "***REDACTED***",
"scope": "xx",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": "***REDACTED***"
}
}

I have checked the dbo.PersistedGrants table in the Identity Server DB (we use the default Identity Server SQL DB) and I can see the refresh token grants are there for the same user and clients. The user consents are also active and have never been revoked for these clients. The clients have also confirmed that the consents are active on their end. Also, the refresh tokens are not expired yet.

So I have 2 questions:

  1. What else could cause a "refresh token expired" failure if all of the above is in place?
  2. How can we get more debug or detailed info under the hood to find out which factor is causing the failure?

Thanks in advance
Solution 1:[1]

If the RefreshTokenUsage client configuration is set to OneTime use (the default) and the client sends the same refresh token twice, the user will be logged out.

Perhaps this is the cause of your trouble?

See the documentation for the setting here
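The setting the answer refers to, shown in context. This is an added example and not code from the original post or from IdentityServer4 itself: the client id, secret, redirect URI and scope names are placeholders, and the numeric lifetimes are the library's documented defaults. Both refresh-token usage modes are shown, together with a logging filter that answers the "more debug info" part of the question.

```csharp
// Added example, not from the original post. Client id, secret, URIs and
// scope names are placeholders; the lifetime values are IdentityServer4's
// defaults.
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

public static class RefreshTokenConfig
{
    // Register with: services.AddIdentityServer().AddInMemoryClients(RefreshTokenConfig.GetClients())
    public static IEnumerable<Client> GetClients() =>
        new List<Client>
        {
            new Client
            {
                ClientId = "example-client",                              // placeholder
                ClientName = "Example client",
                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,
                ClientSecrets = { new Secret("placeholder-secret".Sha256()) },
                RedirectUris = { "https://client.example/signin-oidc" },  // placeholder
                AllowedScopes = { "openid", "profile", "api1" },          // placeholder

                // Refresh tokens are only issued when offline_access is allowed.
                AllowOfflineAccess = true,

                // Default: TokenUsage.OneTimeOnly. Every successful refresh consumes
                // the submitted handle and returns a new one. Presenting the old
                // handle again is rejected with "Refresh token validation failed",
                // even though a grant row for the same user/client still exists
                // in PersistedGrants under the new handle.
                RefreshTokenUsage = TokenUsage.OneTimeOnly,

                // Alternative: keep the same handle valid until it expires.
                // Only choose this if the client really cannot persist the rotated
                // handle, and accept the larger replay window that comes with it.
                // RefreshTokenUsage = TokenUsage.ReUse,

                // Lifetime settings (IS4 defaults). Sliding only applies with
                // RefreshTokenExpiration = TokenExpiration.Sliding.
                RefreshTokenExpiration = TokenExpiration.Absolute,
                AbsoluteRefreshTokenLifetime = 2592000,   // 30 days
                SlidingRefreshTokenLifetime = 1296000,    // 15 days
            }
        };

    // Raise the minimum level for every logger under the "IdentityServer4"
    // category prefix so the validators' debug messages that precede
    // "Refresh token validation failed. aborting" are written as well.
    // Usage: Host.CreateDefaultBuilder(args).WithIdentityServerDebugLogging()
    public static IHostBuilder WithIdentityServerDebugLogging(this IHostBuilder builder) =>
        builder.ConfigureLogging(logging =>
            logging.AddFilter("IdentityServer4", LogLevel.Debug));
}
```

With OneTimeOnly in effect, "the grant is still in PersistedGrants" does not prove that the handle the client sent is still the live one: rotation stores the refresh token under a new handle on each successful refresh. The usual culprits are two concurrent refresh requests from the same client, or a retry after a timed-out refresh whose response (carrying the new handle) never reached the client. The Debug-level log lines make it visible whether the handle was looked up and not found, rather than found and rejected for another reason.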

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Tore Nestenius