
Refresh token error
Closed, Resolved | Public

Description

Expected behavior

After going through the OAuth 2.0 authorization code flow and obtaining an access token and refresh token, I'd expect to be able to exchange the refresh token for a new access token.

$ curl -X POST -F 'grant_type=refresh_token' \
-F 'refresh_token=MY_REFRESH_TOKEN' \
-F 'client_id=MY_CLIENT_ID' \
-F 'client_secret=MY_CLIENT_SECRET' \
https://meta.wikimedia.org/w/rest.php/oauth2/access_token

{"token_type":"Bearer","expires_in":9223371259704000000,"access_token":"MY_ACCESS_TOKEN","refresh_token":"MY_REFRESH_TOKEN"}

Observed behavior

I'm unable to get a new access token.

$ curl -X POST -F 'grant_type=refresh_token' \
-F 'refresh_token=MY_REFRESH_TOKEN' \
-F 'client_id=MY_CLIENT_ID' \
-F 'client_secret=MY_CLIENT_SECRET' \
https://meta.wikimedia.org/w/rest.php/oauth2/access_token

{"error":"invalid_request","error_description":"The refresh token is invalid.","hint":"Token has expired","message":"The refresh token is invalid."}

To do

  • See if someone else can reproduce this error.
  • Check the value of $wgOAuth2RefreshTokenTTL on Meta.
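
Added example, not part of the original task and not MediaWiki or OAuth extension code: one way a client could handle the two token endpoint responses shown above, so that a rejected refresh token sends the user back through the authorization code flow instead of being retried. The function name, the dict used as a token store, the set of errors treated as terminal and the 10-year lifetime cap are assumptions.

```python
import json
import time

# Assumed cap: the success response above carries a very large expires_in,
# and date conversion can fail on values that size.
MAX_LIFETIME = 10 * 365 * 24 * 3600

# Errors treated as "this refresh token will never work again" (assumption:
# invalid_request as seen on this page, plus RFC 6749's invalid_grant).
TERMINAL_ERRORS = {"invalid_request", "invalid_grant"}


class ReauthorizationRequired(Exception):
    """The refresh token was rejected; repeat the authorization code flow."""


def handle_token_response(body, store, now=None):
    """Update `store` (a dict) from a token endpoint response body (JSON text)."""
    now = time.time() if now is None else now
    data = json.loads(body)
    if "error" in data:
        reason = data.get("hint") or data.get("error_description", "")
        if data["error"] in TERMINAL_ERRORS:
            # Discard the rejected credentials so they are not retried in a loop.
            store.pop("refresh_token", None)
            store.pop("access_token", None)
            raise ReauthorizationRequired(f'{data["error"]}: {reason}')
        raise RuntimeError(f'{data["error"]}: {reason}')  # possibly transient
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    # Clamp the lifetime to [0, MAX_LIFETIME] before computing an expiry time.
    lifetime = min(max(int(data.get("expires_in", 0)), 0), MAX_LIFETIME)
    store["access_token"] = data["access_token"]
    store["expires_at"] = now + lifetime
    # Keep whichever refresh token the server returned, if it returned one.
    if data.get("refresh_token"):
        store["refresh_token"] = data["refresh_token"]
    return store


# Sample bodies in the shape of the two responses on this page.
OK_BODY = ('{"token_type":"Bearer","expires_in":9223371259704000000,'
           '"access_token":"MY_ACCESS_TOKEN","refresh_token":"MY_REFRESH_TOKEN"}')
ERR_BODY = ('{"error":"invalid_request","error_description":"The refresh token is '
            'invalid.","hint":"Token has expired","message":"The refresh token is invalid."}')
```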