I see "invalid grant" responses on some refresh_token grant type requests. How can I see detailed information about the reason for "invalid grant"? What is invalid?
1 Answer
0
Once your system is configured correctly there is only one reason why this should occur: when the refresh token expires. Therefore it is used in production code to determine 'end of session'.
A common reason might be a user leaving their UI running overnight and then experiencing a 401 when calling an API, followed by 'invalid_grant' when trying to refresh the token.
This should be handled gracefully, via an authorization redirect to ask the user to re-authenticate. Here is some example code from a mobile sample of mine.

Gary Archer
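The handling described in the answer above, as an added example that is not part of the original answer or the author's mobile sample: after a 401 the client attempts one refresh and treats `invalid_grant` from the token endpoint as end of session, surfacing the optional `error_description` field for diagnosis. The `send` and `post_form` callables, the `session` dict and the sample responses are assumptions constructed for illustration.

```python
import json

class LoginRequired(Exception):
    """Refresh token rejected (invalid_grant): send the user back to login."""

class TokenRefreshError(Exception):
    """Any other token endpoint failure, e.g. invalid_client or an outage."""

def refresh_access_token(post_form, session):
    # post_form(url, fields) -> (status, body_text) is an injected HTTP transport (assumption).
    status, body = post_form(session["token_url"], {
        "grant_type": "refresh_token",
        "client_id": session["client_id"],
        "refresh_token": session["refresh_token"],
    })
    try:
        payload = json.loads(body)
    except ValueError:
        payload = {}
    if not isinstance(payload, dict):
        payload = {}
    if status == 200 and "access_token" in payload:
        session["access_token"] = payload["access_token"]
        # Keep the old refresh token unless the server rotated it.
        session["refresh_token"] = payload.get("refresh_token", session["refresh_token"])
        return session
    # "error" is required and "error_description" optional in RFC 6749 section 5.2.
    detail = payload.get("error_description", "")
    if payload.get("error") == "invalid_grant":
        session["access_token"] = session["refresh_token"] = None  # end of session
        raise LoginRequired(detail or "refresh token no longer valid")
    raise TokenRefreshError(f"HTTP {status} {payload.get('error', 'unknown')}: {detail}")

def call_api(send, post_form, session):
    # send(access_token) -> (status, body) performs the API request (assumption).
    status, body = send(session["access_token"])
    if status != 401:
        return status, body
    refresh_access_token(post_form, session)   # may raise LoginRequired
    return send(session["access_token"])       # retry once with the new token

if __name__ == "__main__":
    # Constructed sample: an idle session whose refresh token has expired.
    session = {"token_url": "https://login.example/token", "client_id": "demo",
               "access_token": "old", "refresh_token": "stale"}
    rejected = lambda url, fields: (400, '{"error": "invalid_grant", "error_description": "Token is not active"}')
    try:
        call_api(lambda token: (401, ""), rejected, session)
    except LoginRequired as exc:
        print("redirect to login:", exc)
```

The caller catches `LoginRequired` to start the authorization redirect, and logs `TokenRefreshError` as a configuration or availability problem rather than signing the user out.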