Unable to obtain new accessToken using the refreshToken.

[psi-sudhanshu]

Hello Team,

We are using authentik OAuth2/OpenID provider to support SSO in our application, using which we are successfully able to get the accessToken and userInfo but we are getting below error while generating an new accessToken using the refreshToken.

This flow works fine if the issued refreshToken does not have backward slash() but it fails if refreshToken has that. Could this be a possible reason for this issue.

refresh_token which is working,

"refresh_token": "|,Io8B9@RM%)2TCsopS^<XP01KATkdW}n#Z<$)tdl^=0<:hEqtwr$%P}L*%B(BEY5R-!a7o4P!M}fc5UP^,=0s8-bzK-sxHOzeBE'A=2ae^N/+ZBXi;_[<y?c)Aa"

refresh_token which not working,

"refresh_token": "+r|6F,r,$>%R?~>CF*Nc$55,;7.=N<l$su6vMZqet..{k$yeEP#Pk!<\QG_MU\y8Y\H&s/DVC^HdPW,ZS;]^gcDEr20'@lE4CrNv#vl2aac@$bwDir#?O?_mHcf.zl"

Refresh token which failed was neither revoked nor expired at the time of calling. But calling it throw below error and log the "Refresh token does not exist" in authentik-server

{
"error": "invalid_grant",
"error_description": "The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client"
}

{"auth_via": "unauthenticated", "event": "Refresh token does not exist", "host": "authentik.xyz.com", "level": "warning", "logger": "authentik.providers.oauth2.views.token", "pid": 9502, "request_id": "ec8b1f3a68b0473c9a48f50d6bdd6bb8", "timestamp": "2023-05-06T11:40:12.816590", "token": "+r|6F,r,$>%R?~>CF*Nc$55,;7.=N<l$su6vMZqet..{k$yeEP#Pk!<\QG_MU\y8Y\H&s/DVC^HdPW,ZS;]^gcDEr20'@lE4CrNv#vl2aac@$bwDir#?O?_mHcf.zl"}

Please let me know in case we need any changes at the application side or need some other fix.