7

I'm trying to refresh the oauth2 token using ClientOAuth2.Token.refresh() but keep getting the error sometimes: {"error":"invalid_grant","error_description":"Session not active"}

This is the request which I captured by Fiddler

POST [URL]= HTTP/1.1
Host: [URL]
Connection: keep-alive
Content-Length: 2250
Accept: application/json, application/x-www-form-urlencoded
Origin: http://localhost:8080
Authorization: Basic YXNpbW92LWRldi1laGlzLXdlYjo=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
Sec-Fetch-Mode: cors
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: cross-site
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, br
Accept-Language: en,vi;q=0.9,de;q=0.8,vi-VN;q=0.7,en-US;q=0.6,en-AU;q=0.5

refresh_token=[token]&grant_type=refresh_token

Maybe something's wrong with my settings on the Keycloak account. Are there any suggestions?

Gab

3 Answers

7

You need to add the scope offline_access when retrieving the original token, otherwise you won't be able to refresh it when the related user session is not active (this is specific to OIDC, not oauth2).

Gab
1

Could be that your refresh token grant message is incomplete - missing a client ID or offline access scope - see the Refresh Token Grant section of my article on OAuth messages.

Gary Archer
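As an added example (not code from the question or either answer above), a Python sketch of the two points the answers make: requesting offline_access when the original token is obtained so the refresh token survives the user session ending, and checking a captured refresh grant for a missing client_id or an empty client secret. The issuer URL, client name and capture are constructed placeholders; the /protocol/openid-connect/auth path is Keycloak's standard realm authorization endpoint.

```python
import base64
from urllib.parse import parse_qs, urlencode

# Scope that lets an OIDC refresh token outlive the Keycloak user session.
OFFLINE_SCOPE = "offline_access"

def build_authorize_url(issuer, client_id, redirect_uri, scopes):
    """Authorization request whose scope always carries openid and offline_access.
    issuer, client_id and redirect_uri are caller-supplied placeholders."""
    scope = list(scopes)
    for required in ("openid", OFFLINE_SCOPE):
        if required not in scope:
            scope.append(required)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": " ".join(scope)}
    return f"{issuer}/protocol/openid-connect/auth?{urlencode(params)}"

def check_refresh_request(headers, body):
    """List the defects of a refresh-token grant that the answers point at:
    wrong grant_type, no refresh_token, no client identification, or a Basic
    credential carrying an empty client secret (i.e. a public client)."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    findings = []
    if form.get("grant_type") != "refresh_token":
        findings.append("grant_type is not refresh_token")
    if not form.get("refresh_token"):
        findings.append("refresh_token missing")
    client_id = form.get("client_id")
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        # Basic auth carries "client_id:client_secret", base64-encoded.
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
        if secret == "":
            findings.append(f"Basic credential for {client_id!r} has no client secret")
    if not client_id:
        findings.append("client_id missing (neither in body nor Basic header)")
    return findings

# Constructed capture modelled on the request in the question (token redacted).
CAPTURED_HEADERS = {
    "Authorization": "Basic " + base64.b64encode(b"example-client:").decode(),
    "Content-Type": "application/x-www-form-urlencoded",
}
CAPTURED_BODY = "refresh_token=REDACTED&grant_type=refresh_token"

if __name__ == "__main__":
    print(build_authorize_url("https://idp.example/realms/demo", "example-client",
                              "http://localhost:8080/", ["profile"]))
    print(check_refresh_request(CAPTURED_HEADERS, CAPTURED_BODY))
```

The capture in the question identifies the client only through the Basic header with no secret, so the checker reports that rather than a missing client_id; the offline_access scope itself cannot be seen in a refresh request and has to be present in the original authorization request.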
-3

It is because you are logged out from your client application. That's why it is giving you the error.

Chirag Patel