Why does Client.do_access_token_refresh require state? #868

Open
lupreCSC opened this issue Feb 8, 2024 · 2 comments


lupreCSC commented Feb 8, 2024

Asking because the token refresh request in the OpenID Connect specification does not involve the state and it would be easier for our application if we could discard it after the initial authorization code flow.

Collaborator

schlenk commented Feb 9, 2024

From a cursory look, only the get_grant() call (if token.replaced:) seems to actually need it; all the rest of the code seems to be happy if you pass in the token as a kwarg and ignores the state.

Is that the issue you see, e.g. a GrantError being raised there?

@lupreCSC
Author

Yes, I get a GrantError: No grant found for state:'' (or GrantError: No grant found for state:'None' if I set state=None instead of just leaving it out of the do_access_token_refresh call).
