问题描述

我在请求刷新令牌时遇到麻烦，它不断返回Unauthorized 401错误.我不知道我是否缺少在执行请求时传递的参数.

I'm having a trouble in requesting a refresh token, it keep returning an Unauthorized 401 error. I don't know if I'm lacking a parameters that I passed when I did a request.

我添加了用于刷新令牌的门卫配置.

I added the doorkeeper configuration for refresh token.

use_refresh_token

以下是请求的详细信息:

Here's the request details:

{{root_url}}/oauth/token

{"refresh_token"=>"034a74c085219fb8297fd8ef9b59f080918f"
 "format"=>:json,
 "controller"=>"/oauth/tokens",
 "action"=>"create",
 "grant_type"=>"refresh_token",
 "client_id"=>"<client_id>",
 "client_secret"=> "<client_secret>"}

错误说明:

{:error=>:invalid_grant,
 :error_description=>
  "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

顺便说一句，我所有的api请求身份验证都不会仅仅因为此刷新令牌而失败.我想知道我在请求参数中缺少什么.

Btw, all of my api request authentication is not failing just this refresh token. I wonder what I'm missing in the request parameters.

推荐答案

请勿传递client_id和client_secret.

Do not pass the client_id and client_secret.

刷新令牌的必需参数为:

The required parameters for the refresh token are:

• grant_type
• refresh_token

可选参数:

• 范围.

请参见 rfc6749的刷新令牌部分:OAuth 2.0授权框架

这篇关于401未经授权-在Doorkeeper中请求刷新令牌时授予无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！