• Resolved therealgilles

    (@chamois_blanc)


    I’m having an issue with asking for a new token after token revocation.

    Here is my process:
    1) I start to log in to my app.
    2) The app starts oauth2 authentication with my WP server.
    3) I enter my credentials and everything goes well, so I get logged in to my app.
    4) I log out of my app. This revokes the access token.
    5) I start to log in to my app again.
    6) I’m already logged in to the WP server, so it does not ask for my credentials this time.
    7) I get an authentication error on my app because it did not get the access token from the OAuth2 WP server.

    Looking at the log, I see this error on the response:
    Authorization code doesn't exist or is invalid for the client

    My guess is that even though I revoked the token, the server is sending the same authorization code, which is then refused when trying to get the token. But the server should be sending a new authorization code as the previous token was revoked.

    Am I making sense?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter therealgilles

    (@chamois_blanc)

    I may be on the wrong track with the token revocation. Will update when I understand this better.

    Thread Starter therealgilles

    (@chamois_blanc)

    Whether I revoke the tokens or not, I get the same error. In both cases, the server returns the previous authorization code. Then when I try to use it to get a new access token, I get the error:

         payload: {
           error: 'invalid_grant',
           error_description: "Authorization code doesn't exist or is invalid for the client"
         }

    Any idea why this would be happening? Am I doing something unexpected/illegal?

    Thread Starter therealgilles

    (@chamois_blanc)

    After a few minutes, the authorization code changes and my app can get a token and I can log in.

    Thread Starter therealgilles

    (@chamois_blanc)

    Wondering if this could be a caching issue on my side…

    Thread Starter therealgilles

    (@chamois_blanc)

    I confirm it’s a caching issue on my side. Need to disable caching for the /oauth URLs on the WordPress server side.

    Plugin Author Justin Greer

    (@justingreerbbi)

    Thank you for the updates! Glad everything worked out.
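
The cause confirmed in this thread, a cache in front of the /oauth URLs handing back an already-used authorization code, can be recognised from the authorization redirects themselves. The check below is an added example, not code from the thread or the plugin; the callback URL, the code values, and the use of the `state` parameter and the `Age` header as signals are assumptions, and the sample exchanges are constructed.

```javascript
// Added diagnostic example. SAMPLE is constructed, not captured traffic.
// Each exchange records the state the client sent and the headers of the
// authorization endpoint's redirect response.
const SAMPLE = [
  { sentState: 's1', headers: {
      Location: 'https://app.example/callback?code=abc123&state=s1',
      'Cache-Control': 'max-age=600' } },
  // Second login served by the cache: same code, stale state, Age present.
  { sentState: 's2', headers: {
      Location: 'https://app.example/callback?code=abc123&state=s1',
      'Cache-Control': 'max-age=600', Age: '42' } },
  // After excluding the /oauth URLs from caching.
  { sentState: 's3', headers: {
      Location: 'https://app.example/callback?code=def456&state=s3',
      'Cache-Control': 'no-store' } },
];

function auditAuthResponses(exchanges) {
  const firstSeen = new Map(); // code -> index of first exchange returning it
  const findings = [];
  exchanges.forEach((ex, index) => {
    // Header names are case-insensitive, so normalise them first.
    const h = {};
    for (const [k, v] of Object.entries(ex.headers)) h[k.toLowerCase()] = String(v);
    if (!h.location) return;
    const params = new URL(h.location).searchParams;
    const code = params.get('code');
    if (!code) return; // error redirect, not an authorization code response
    // An authorization code is single-use; seeing it twice means a replay.
    if (firstSeen.has(code)) {
      findings.push({ index, issue: 'code_replayed', firstSeen: firstSeen.get(code) });
    } else {
      firstSeen.set(code, index);
    }
    // A stored redirect carries the state of the request that populated the cache.
    if (params.get('state') !== ex.sentState) findings.push({ index, issue: 'state_mismatch' });
    // Without no-store, an intermediary or page cache may keep the response.
    if (!/\bno-store\b/i.test(h['cache-control'] || '')) findings.push({ index, issue: 'cacheable' });
    // Age is added by caches, so the origin did not generate this response.
    if ('age' in h) findings.push({ index, issue: 'served_from_cache' });
  });
  return findings;
}

for (const f of auditAuthResponses(SAMPLE)) console.log(f.index, f.issue);
```

A `code_replayed` finding followed by `invalid_grant` at the token endpoint matches the symptom described in the thread; the third exchange shows the expected result once the /oauth URLs are excluded from caching.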

  • The topic ‘Issue with token revocation’ is closed to new replies.