500 error when grant_type=refresh_token #43

Open
@gabor-lbl

When I post to /oidc/token with:

grant_type: refresh_token
refresh_token: <refresh token>
client_id: <client id>

I get:

10/25/2022 3:36:31 PM[2022-10-25 15:36:31,502] [DEBUG] [satosa.proxy_server]: unpack_post:: {'grant_type': 'refresh_token', 'refresh_token': '<refresh-token>', 'client_id': '<client-id>'}
10/25/2022 3:36:31 PM[2022-10-25 15:36:31,502] [DEBUG] [satosa.proxy_server]: read request data: {'grant_type': 'refresh_token', 'refresh_token': '<refresh-token>', 'client_id': '<client-id>'}
10/25/2022 3:36:31 PM[2022-10-25 15:36:31,503] [INFO] [satosa.base]: [urn:uuid:<session id>] Loaded state {'SESSION_ID': 'urn:uuid:<session id>'} from cookie
10/25/2022 3:36:31 PM[2022-10-25 15:36:31,503] [DEBUG] [satosa.routing]: [urn:uuid:<session id>] Routing path: oidc/token
10/25/2022 3:36:31 PM[2022-10-25 15:36:31,503] [DEBUG] [satosa.routing]: [urn:uuid:<session id>] Unknown backend oidc
10/25/2022 3:36:31 PM[2022-10-25 15:36:31,503] [DEBUG] [satosa.routing]: [urn:uuid:<session id>] Found registered endpoint: module name:'oidc', endpoint: oidc/token
10/25/2022 3:36:31 PM[2022-10-25 15:36:31,503] [DEBUG] [pyop.client_authentication]: client authentication in request body {'grant_type': 'refresh_token', 'refresh_token': '<refresh-token>', 'client_id': '<client-id>'}
10/25/2022 3:36:31 PM[2022-10-25 15:36:31,511] [ERROR] [satosa.base]: [urn:uuid:<session id>] Uncaught exception
10/25/2022 3:36:31 PMTraceback (most recent call last):
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/satosa/base.py", line 240, in run
10/25/2022 3:36:31 PM    resp = self._run_bound_endpoint(context, spec)
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/satosa/base.py", line 180, in _run_bound_endpoint
10/25/2022 3:36:31 PM    return spec(context)
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/satosa/frontends/openid_connect.py", line 356, in token_endpoint
10/25/2022 3:36:31 PM    response = self.provider.handle_token_request(
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/pyop/provider.py", line 354, in handle_token_request
10/25/2022 3:36:31 PM    return self._do_token_refresh(token_request)
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/pyop/provider.py", line 490, in _do_token_refresh
10/25/2022 3:36:31 PM    access_token, refresh_token = self.authz_state.use_refresh_token(token_request['refresh_token'],
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/pyop/authz_state.py", line 266, in use_refresh_token
10/25/2022 3:36:31 PM    authz_info = self.access_tokens[refresh_token_info['access_token']]
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/pyop/storage.py", line 156, in __getitem__
10/25/2022 3:36:31 PM    raise KeyError(key)
10/25/2022 3:36:31 PMKeyError: '<access token>'
10/25/2022 3:36:31 PM[2022-10-25 15:36:31,512] [ERROR] [satosa.proxy_server]: Unknown error
10/25/2022 3:36:31 PMTraceback (most recent call last):
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/satosa/base.py", line 240, in run
10/25/2022 3:36:31 PM    resp = self._run_bound_endpoint(context, spec)
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/satosa/base.py", line 180, in _run_bound_endpoint
10/25/2022 3:36:31 PM    return spec(context)
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/satosa/frontends/openid_connect.py", line 356, in token_endpoint
10/25/2022 3:36:31 PM    response = self.provider.handle_token_request(
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/pyop/provider.py", line 354, in handle_token_request
10/25/2022 3:36:31 PM    return self._do_token_refresh(token_request)
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/pyop/provider.py", line 490, in _do_token_refresh
10/25/2022 3:36:31 PM    access_token, refresh_token = self.authz_state.use_refresh_token(token_request['refresh_token'],
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/pyop/authz_state.py", line 266, in use_refresh_token
10/25/2022 3:36:31 PM    authz_info = self.access_tokens[refresh_token_info['access_token']]
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/pyop/storage.py", line 156, in __getitem__
10/25/2022 3:36:31 PM    raise KeyError(key)
10/25/2022 3:36:31 PMKeyError: '<access token>'
10/25/2022 3:36:31 PM
10/25/2022 3:36:31 PMThe above exception was the direct cause of the following exception:
10/25/2022 3:36:31 PM
10/25/2022 3:36:31 PMTraceback (most recent call last):
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/satosa/proxy_server.py", line 148, in __call__
10/25/2022 3:36:31 PM    resp = self.run(context)
10/25/2022 3:36:31 PM  File "/usr/local/lib/python3.8/site-packages/satosa/base.py", line 258, in run
10/25/2022 3:36:31 PM    raise SATOSAUnknownError("Unknown error") from err
10/25/2022 3:36:31 PMsatosa.exception.SATOSAUnknownError: Unknown error

We're running satosa with access token lifetimes of 10 mins and refresh token lifetimes of 24 hrs. Looking at the code, it looks like it's trying to load an access token that was already deleted by mongo.

Any ideas on how this is supposed to work? Thanks!
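
The failure described in this report, as a simplified model added here for illustration (not pyop or SATOSA code): `TTLStore`, `Issuer`, `InvalidGrant` and both refresh methods are hypothetical names, and the clock is passed in as `now` so expiry is deterministic. The fragile path resolves the grant through the short-lived access token row and breaks once that row is reaped; the robust path reads the grant from the refresh token row and turns an expired refresh token into a client-facing error.

```python
import secrets

ACCESS_TTL, REFRESH_TTL = 600, 86400  # 10 min / 24 h, as in the report

class InvalidGrant(Exception):
    """Would map to OAuth 2.0 `invalid_grant` (HTTP 400) instead of a 500."""

class TTLStore:
    """Constructed stand-in for a collection whose entries are reaped after `ttl` seconds."""
    def __init__(self, ttl):
        self.ttl, self.rows = ttl, {}

    def put(self, key, value, now):
        self.rows[key] = (now + self.ttl, value)

    def get(self, key, now):
        expires_at, value = self.rows[key]      # KeyError if never stored
        if now >= expires_at:
            del self.rows[key]                  # what the TTL reaper would have done
            raise KeyError(key)
        return value

class Issuer:
    def __init__(self):
        self.access, self.refresh = TTLStore(ACCESS_TTL), TTLStore(REFRESH_TTL)

    def issue(self, sub, scope, now):
        at, rt = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.access.put(at, {"sub": sub, "scope": scope}, now)
        # Refresh row keeps a pointer to the access token (used by the fragile path)
        # and its own copy of the grant (used by the robust path).
        self.refresh.put(rt, {"access_token": at, "sub": sub, "scope": scope}, now)
        return at, rt

    def refresh_fragile(self, rt, now):
        info = self.refresh.get(rt, now)
        grant = self.access.get(info["access_token"], now)  # gone after ACCESS_TTL
        return self.issue(grant["sub"], grant["scope"], now)[0]

    def refresh_robust(self, rt, now):
        try:
            info = self.refresh.get(rt, now)
        except KeyError:
            raise InvalidGrant("refresh token unknown or expired") from None
        at = secrets.token_urlsafe(16)
        self.access.put(at, {"sub": info["sub"], "scope": info["scope"]}, now)
        return at
```
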
