问题描述

我在请求刷新令牌时遇到问题，它不断返回未经授权的 401 错误.我不知道我是否缺少我在执行请求时传递的参数.

I'm having a trouble in requesting a refresh token, it keep returning an Unauthorized 401 error. I don't know if I'm lacking a parameters that I passed when I did a request.

我添加了刷新令牌的看门人配置.

I added the doorkeeper configuration for refresh token.

use_refresh_token

这是请求的详细信息:

{{root_url}}/oauth/token

{"refresh_token"=>"034a74c085219fb8297fd8ef9b59f080918f"
 "format"=>:json,
 "controller"=>"/oauth/tokens",
 "action"=>"create",
 "grant_type"=>"refresh_token",
 "client_id"=>"<client_id>",
 "client_secret"=> "<client_secret>"}

错误说明:

{:error=>:invalid_grant,
 :error_description=>
  "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

顺便说一句，我所有的 api 请求身份验证都不仅仅失败了这个刷新令牌.我想知道我在请求参数中缺少什么.

Btw, all of my api request authentication is not failing just this refresh token. I wonder what I'm missing in the request parameters.

推荐答案

请勿传递 client_id 和 client_secret.

Do not pass the client_id and client_secret.

刷新令牌所需的参数是:

The required parameters for the refresh token are:

• grant_type
• refresh_token

可选参数:

• 范围.

请参阅 rfc6749 的刷新令牌部分:OAuth 2.0 授权框架