如何使用 django oauth 工具包从刷新令牌中获取新的 access_token？

Question

我正在使用django-oauth-toolkit 版本1.1.2 来获取access_token，如下所示：-

Reauest:-

POST http://localhost:8597/login

{
    "application_id": "cuOt3raxH9ClbCrbbgP68iU6ssfO2N78TplxwlMq",
    "username": "test@gmail.com",
    "password": "test",
    "grant_type": "password"
}

Response:-

{
    "type": "success",
    "shortDescription": "User Logged in",
    "longDescription": "User logged in successfully",
    "success": "User Logged in",
    "success_message": "User logged in successfully",
    "data": {
        "access_token": "RXMXGNl2HqYJMVkCBkrrMU5aYFS8uU",
        "expires_in": 31536000,
        "token_type": "Bearer",
        "scope": "read write",
        "refresh_token": "wsLetw7c2Q56k07XoisWkEa7SYxORb",
        "user": {
            "id": "c7d9f8ee-5e87-4a70-9c07-6a2e8c13a50a",
            "created_at": "2019-11-21T16:55:45.817324+05:30",
            "email": "test@gmail.com",
            "first_name": "Test",
            "last_name": "User",
            "is_deleted": false,
            "is_email_verified": true,
            "last_login": "2020-02-19T11:17:24.656615+05:30",
            "landline_country_code": "us",
            "landline_number": "3242343434",
            "mobile_country_code": "us",
            "mobile_number": "34234234324",
            "role": "USER",
            "designation": "software engineer",
            "is_active": true,
        },
}

现在我想使用这个'refresh_token'来获取新的access_token，我提出以下请求：-

Request:-

POST http://localhost:8597/o/token/

{
    "grant_type": "refresh_token",
    "client_id": "sHPPirW86SuOwDOfhxmag1fZ9oRCpHFS24wrZj00",
    "refresh_token":"wsLetw7c2Q56k07XoisWkEa7SYxORb"
}

Response:-

{
    "error": "invalid_grant"
}

这个请求有问题，你能指导我如何解决它吗？谢谢。

Answer 1

请求看起来没问题。但请注意，当令牌无效时，我们也会收到相同的 invalid_grant 错误。由于工具包默认使用刷新令牌轮换，这也包括刷新令牌已经被使用的情况，导致相同的请求第一次工作，然后在所有后续尝试中失败并出现invalid_grant错误，我怀疑可能是您的请求。

此外，您可能还想检查请求中使用的特定令牌的刷新令牌对象，看看它是否已被撤销。