[Iplant-api-dev] OAuth2: occasional bad refresh tokens
Ramona Walls
rwalls at iplantcollaborative.org
Fri Mar 27 16:38:42 MST 2015
I have noticed this response as well, but never gone to the effort to
figure out what is causing it.
Ramona
------------------------------------------------------
Ramona L. Walls, Ph.D.
Scientific Analyst
The iPlant Collaborative
Thomas J. Keating Bioresearch Building
1657 East Helen St
Tucson, AZ 85721
tel: 520.626.1489
fax: 520.626.4824
rwalls at iplantcollaborative.org
On Fri, Mar 27, 2015 at 6:57 AM, Duvick, Jonathan P [GDCBS] <jduvick at iastate.edu> wrote:
> The API occasionally issues a 'bad' refresh_token (i.e. when submitting
> a refresh request, it returns a '400' HTTP response and the following
> message: 'Provided Authorization Grant is invalid').
>
>
> In tracing the problem I observed that the system will sometimes
> re-issue an 'old' set of tokens (that is, a set that was issued before but
> superseded by a previous 'refresh' command). In that situation, the
> 'new/old' refresh token is invalid in the way I describe above. I didn't
> test whether the access_token was valid for API access in this situation,
> but I would imagine it is not.
>
>
> This resolves over time, even within the 4 hr lifespan of token
> validity-- curiously, after an hour or so, a subsequent login request will
> typically return a _different_ token pair that is not faulty.
>
>
> The context for these observations is the process of debugging code that
> involves the issuing of multiple authenticate / refresh commands for the
> same user within a span of perhaps less than a minute. Possibly this could
> result in some concurrency or caching issue.
>
>
> In a related question, does Agave support OAuth2 'revoke' functions? If
> so I can get around this issue.
>
>
> Jon Duvick
> PlantGDB Manager
> http://www.plantgdb.org/
> Department of Genetics, Development and Cell Biology
> 2258 Molecular Biology Building
> Iowa State University
> Ames IA 50011
>
> (515) 294-2360
> (515) 294-6755 FAX
>
>
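
The failure described in the quoted report, as an added example that is not part of the thread or of Agave's code: a client-side guard that allows one login or refresh at a time and refuses a token pair whose refresh token it has already seen superseded. `TokenGuard`, `StubServer` and the `fetch` callable (returning `(access_token, refresh_token)`) are hypothetical names, and the stub's stale login cache is a constructed model of the reported behaviour, not a confirmed cause.

```python
import hashlib
import threading

class StaleTokenPair(Exception):
    """The token endpoint returned a refresh token this client already spent."""

def digest(token):
    # Keep digests, not raw tokens, so the history is not itself a credential.
    return hashlib.sha256(token.encode()).hexdigest()

class TokenGuard:
    # fetch(None) logs in, fetch(refresh_token) refreshes; it is a hypothetical
    # stand-in for the HTTP call to the token endpoint.
    def __init__(self, fetch):
        self._fetch, self.pair = fetch, None
        self._lock = threading.Lock()  # one login/refresh in flight per user
        self._spent = set()            # digests of superseded refresh tokens

    def _accept(self, pair):
        if digest(pair[1]) in self._spent:
            raise StaleTokenPair("re-issued pair: refresh token was superseded")
        self.pair = pair
        return pair

    def login(self):
        with self._lock:
            return self._accept(self._fetch(None))

    def refresh(self):
        with self._lock:
            old = self.pair[1]
            new = self._fetch(old)     # raises if the server rejects the grant
            self._spent.add(digest(old))
            return self._accept(new)

class StubServer:
    # Constructed stub: refresh rotates the pair, login answers from a stale cache.
    count, cached, live = 0, None, None

    def fetch(self, refresh_token):
        if refresh_token is None and self.cached:
            return self.cached         # stale once a refresh has happened
        if refresh_token not in (None, self.live):
            raise ValueError("400 Provided Authorization Grant is invalid")
        self.count += 1
        self.live = f"refresh-{self.count}"
        pair = (f"access-{self.count}", self.live)
        self.cached = self.cached or pair
        return pair
```

Calling `login()`, `refresh()`, then `login()` on a `TokenGuard` built over `StubServer().fetch` raises `StaleTokenPair` on the third call and leaves `guard.pair` on the rotated pair.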