
Keep refresh token if the server does not return a new one on token refresh #82

Open
poislagarde opened this issue May 24, 2016 · 4 comments

Comments

@poislagarde

My authorization server doesn't always send a new refresh token when refreshing access tokens (as allowed by the spec). When it doesn't, Heimdallr overrides the stored refresh token with nil.

This causes the next refresh to fail with a HeimdallrErrorNotAuthorized error.

I'll try to work on a PR for a fix. Let me know what you think.

@domingguss

any updates on this issue?

Steps to reproduce:

  1. do a proper request
  2. enable airplane mode
  3. put your device time sufficiently far ahead to exceed expiration
  4. do the same request
  5. receive an error:

```
Error Domain=HeimdallrErrorDomain Code=1 "Could not authorize grant" 
UserInfo={
	NSLocalizedDescription=Could not authorize grant, 
	NSLocalizedFailureReason=
	Error Domain=NSURLErrorDomain 
	Code=-1009 "De internetverbinding is offline." 
	UserInfo={
		NSUnderlyingError=0x17064a380 { 
			Error Domain=kCFErrorDomainCFNetwork 
			Code=-1009 "(null)" 
			UserInfo= {
				_kCFStreamErrorCodeKey=50, 
				_kCFStreamErrorDomainKey=1
			}
		}, 
		NSErrorFailingURLStringKey=https://www.XXXXXX.com/token, 
		NSErrorFailingURLKey=https://www.XXXXXX.com/token, 
		_kCFStreamErrorDomainKey=1, 
		_kCFStreamErrorCodeKey=50, 
		NSLocalizedDescription=De internetverbinding is offline.
	}
}
```

  6. turn airplane mode off
  7. observe that the whole accessToken object has been cleared...

Possible Solution

I experienced the same issue, but is it not simple enough to just never call `self.clearAccessToken()`, but instead call `self.invalidateAccessToken()`?

Why would one ever want to clear the whole OAuthAccessToken-object? Isn't that only when one would receive an error when your token isn't authorised anymore? How does Heimdallr detect the difference between wrong authorisation error and a simple timeout error?
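The two rules this thread circles around are spelled out in RFC 6749: section 6 lets the token endpoint omit `refresh_token` in a refresh response, in which case the refresh token the client already holds stays valid and must be kept, and section 5.2 defines `invalid_grant` as the one error that actually means the grant is dead. The Python below is an added, library-neutral illustration of both rules; it is not Heimdallr's code nor any participant's, and all names (`AccessToken`, `apply_refresh_result`, the sample responses) are this example's own, constructed for a stand-alone run. It shows a store that keeps the old refresh token when none is reissued, clears only on an explicit `invalid_grant`, and leaves stored credentials untouched when the request never reached the server (the airplane-mode case above) or the server answered 5xx.

```python
import json
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class AccessToken:
    """What an OAuth client persists (field names are this example's, not Heimdallr's)."""
    access_token: str
    token_type: str
    expires_at: Optional[float]      # Unix time; None when the server sent no expires_in
    refresh_token: Optional[str]


# A token-endpoint exchange as seen by the client: None when no HTTP response
# arrived at all (airplane mode, DNS failure, timeout), else (status, raw body).
Response = Optional[Tuple[int, bytes]]


def merge_refresh_response(stored: AccessToken, body: bytes, now: float) -> AccessToken:
    """Build the token to persist from a successful refresh (RFC 6749 section 5.1).

    Section 6 says the server MAY issue a new refresh token. When it does not, the
    one already held stays valid, so it is carried over instead of becoming None.
    """
    data = json.loads(body)
    expires_in = data.get("expires_in")
    return AccessToken(
        access_token=data["access_token"],
        token_type=data.get("token_type", stored.token_type),
        expires_at=(now + float(expires_in)) if expires_in is not None else None,
        # Only a new refresh_token replaces the stored one; absent or empty keeps it.
        refresh_token=data.get("refresh_token") or stored.refresh_token,
    )


def grant_is_revoked(status: int, body: bytes) -> bool:
    """True only when the server explicitly rejected the grant (section 5.2 invalid_grant).

    Anything else (5xx, malformed body, other error codes) is not proof that the
    refresh token is dead, so the caller must not discard stored credentials.
    """
    if status != 400:
        return False
    try:
        return json.loads(body).get("error") == "invalid_grant"
    except (ValueError, AttributeError):
        return False


def apply_refresh_result(stored: AccessToken, response: Response, now: float) -> Optional[AccessToken]:
    """Return what the token store should hold after a refresh attempt.

    - 200                    -> merged token (refresh token preserved if not reissued)
    - 400 invalid_grant      -> None: clear the store, the user must re-authenticate
    - offline / 5xx / other  -> the stored token unchanged; retry later
    """
    if response is None:
        return stored                 # request never completed; nothing was learned
    status, body = response
    if status == 200:
        return merge_refresh_response(stored, body, now)
    if grant_is_revoked(status, body):
        return None
    return stored


# Constructed sample data for a stand-alone run.
STORED = AccessToken("at-old", "bearer", 1_000.0, "rt-1")
REFRESH_WITHOUT_RT = (200, b'{"access_token":"at-new","token_type":"bearer","expires_in":3600}')
REFRESH_WITH_RT = (200, b'{"access_token":"at-new","token_type":"bearer","expires_in":3600,"refresh_token":"rt-2"}')
REVOKED = (400, b'{"error":"invalid_grant","error_description":"refresh token revoked"}')
SERVER_DOWN = (503, b"")

if __name__ == "__main__":
    now = 2_000.0
    for label, resp in [("no refresh_token in response", REFRESH_WITHOUT_RT),
                        ("new refresh_token issued", REFRESH_WITH_RT),
                        ("offline", None),
                        ("server 503", SERVER_DOWN),
                        ("invalid_grant", REVOKED)]:
        print(f"{label:30} -> {apply_refresh_result(STORED, resp, now)}")
```

The distinction `grant_is_revoked` draws is the answer to the question above about telling a bad-authorisation error from a timeout: an offline device produces no token-endpoint response at all, so there is nothing in it that can justify clearing the keychain.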

@domingguss

no updates on this one?

@djuroalfirevic-oviva

Guys, is this thing resolved perhaps?

@RolandasRazma

We have this workaround in place:

```swift
import Heimdallr

/// Wraps Heimdallr's keychain store so that a refreshed token which arrived
/// without a `refresh_token` keeps the refresh token already stored,
/// instead of overwriting it with nil.
public class TokenServiceStore: OAuthAccessTokenStore {

    private let tokenKeychainStore: OAuthAccessTokenKeychainStore

    public init(service: String) {
        tokenKeychainStore = OAuthAccessTokenKeychainStore(service: service)
    }

    public func storeAccessToken(_ accessToken: OAuthAccessToken?) {
        // New token without a refresh token while one is already stored:
        // carry the old refresh token over into the token being persisted.
        if let accessToken = accessToken,
           accessToken.refreshToken == nil,
           let oldRefreshToken = retrieveAccessToken()?.refreshToken {
            tokenKeychainStore.storeAccessToken(OAuthAccessToken(
                accessToken: accessToken.accessToken,
                tokenType: accessToken.tokenType,
                expiresAt: accessToken.expiresAt,
                refreshToken: oldRefreshToken))
        } else {
            // A complete token, nothing stored yet, or an explicit nil to clear
            // the store: pass it through unchanged.
            tokenKeychainStore.storeAccessToken(accessToken)
        }
    }

    public func retrieveAccessToken() -> OAuthAccessToken? {
        return tokenKeychainStore.retrieveAccessToken()
    }
}
```

```swift
let heimdallr: Heimdallr = Heimdallr(..., accessTokenStore: TokenServiceStore(service: ...), ...)
```
