Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle revocated refresh token #1208

Open
smadbe opened this issue Nov 1, 2024 · 1 comment · May be fixed by #1242
Open

Handle revocated refresh token #1208

smadbe opened this issue Nov 1, 2024 · 1 comment · May be fixed by #1242
Assignees
@zenovich

Comments

@smadbe
Copy link
Contributor

smadbe commented Nov 1, 2024

Motivations

Currently, if the refresh token is revocated, we get a 5xx error on authentication. It is not really "unexpected", we should handle it properly.

Subtasks

Handle that properly : the only solution may be just to inform the frontend that it has to fully reauthenticate, so for instance with a 403.
@zenovich
Copy link
Collaborator

The error looks like:

unexpected error: oauth2: cannot fetch token: 401 Unauthorized\nResponse: {\"error\":\"invalid_request\",\"message\":\"The refresh token is invalid.\",\"hint\":\"Token has been revoked\"}, stack trace: goroutine 1 [running]:\nruntime/debug.Stack()\n\t/usr/local/go/src/runtime/debug/stack.go:24 +0x65\[ngithub.com/France-ioi/AlgoreaBackend/v2/app/service.AppHandler.ServeHTTP.func1()](http://ngithub.com/France-ioi/AlgoreaBackend/v2/app/service.AppHandler.ServeHTTP.func1())\n\t/home/circleci/proje

@zenovich zenovich linked a pull request Jan 28, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zenovich zenovich

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@zenovich @smadbe