Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Silent refresh Authorization header #1418

Open
teheidoma opened this issue Jun 27, 2024 · 0 comments
Open

Silent refresh Authorization header #1418

teheidoma opened this issue Jun 27, 2024 · 0 comments

Comments

@teheidoma
Copy link

I have my authorization server (spring boot auth server) refusing to return a access token for silent refresh. However initial request for code flow works just fine.
After doing some investigating, I find out that for some reason, silent refresh /oauth2/token send Authorization header with request
image
but initial one doesn't
image
then my auth server tries to decode jwt token and extract client auth from it and fails.

So my question is, is that a expected behavior? I can't see in oauth2 specification any case when users access token used for obtaining a new token. Or there is a problem on my configuration side and this not suppose to happen
@teheidoma teheidoma changed the title Silent refresh Authoriaztion header Silent refresh Authorization header Jun 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@teheidoma