{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 forever°为你锁心 的问题《OAuth Refresh Token does not deserialize / invalid》','https://www.manongdao.com/q-748824.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have followed the wonderful tutorial by Taiser Joudah for implementing refresh tokens with Asp.Net Web Api 2 and Owin. It all went so well...except I can't get it to work. :-) It all "seems" like it works up until the point I request a refresh token. Then all I get back is:
“error”: “invalid_grant”
and no description to go with. One of the comments on that post had the same symptom and the response was to generate a MachineKey for the web.config. I tried this but it didn't help. And I'm thinking that maybe only applies when the Auth and Resource server are not the same anyway, which in this case they are.
The bottom line is using PostMan I can make the request for the refresh token and in ReceiveAsync the context.Ticket deserialization does not work. After the call to “context.DeserializeTicket(refreshToken.ProtectedTicket);” the context.Ticket is still null. Curiously if I manually deserialize the ProtectedTicket using the Acccess Token’s AccessTokenFormat it will deserialize properly. But it does not work using the Refresh Token's RefreshTokenFormat object:
var thisWorks = Startup.OAuthOptions.AccessTokenFormat.Unprotect(refreshToken.ProtectedTicket);
var thisDoesnt = Startup.OAuthOptions.RefreshTokenFormat.Unprotect(refreshToken.ProtectedTicket);
It sure seems like a config problem…but I’ve racked my brains and compared a lot of samples. What could be causing this?
EDIT Oops...meant to link to the tutorial article: http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/
I think your problem is the order you create the
refresh_tokenwithCreateAsync. Make sure you follow order bellow:Then you can persist the token into DB. But have in mind that it is not necessary to persist. You can
DeserializeTicketfromcontext.TokeninReceiveAsync:Hope this help!
Following the same tutorial, I had the same problem, this worked for me