Exchange SSO refresh token for access token API call results in an HTTP 500 Error #2594

@tomzorz

Description

I'm trying to call the "exchange refresh token for access token" API, and I'm getting an HTTP 500 error. This API has worked in the past. I know if I provide it a random string for refresh token, it will complain it wasn't a proper token - so the code does run partially. But otherwise I get no information back besides '{"fieldErrors":{},"generalErrors":[{"code":"[Exception]","message":"FusionAuth encountered an unexpected error. Please review the troubleshooting guide found in the documentation for assistance and the available support channels."}]}'. I don't even see the error in the logs of our instance.

Affects versions

1.46.0, 1.48.3.

Steps to reproduce

  • Enable refresh tokens on the login API (also works with OAuth2 grants, but this is simpler).
  • When you log in to any application (including the admin UI), check 'keep me signed in'.
  • Retrieve the token values using the API. Select the token with no application id.
  • Present that to the OAuth2 token endpoint.
  • See this error:
{"fieldErrors":{},"generalErrors":[{"code":"[Exception]","message":"FusionAuth encountered an unexpected error. Please review the troubleshooting guide found in the documentation for assistance and the available support channels."}]}
  • Look in the system log and see:
fusionauth-1  | 2024-01-23 04:54:34.335 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
fusionauth-1  | java.lang.NullPointerException: Cannot invoke "java.util.UUID.equals(Object)" because "<parameter1>.refreshToken.applicationId" is null
fusionauth-1  | 	at io.fusionauth.api.service.oauth2.DefaultOAuthService.validateTokenEndpointRefreshTokenGrant(DefaultOAuthService.java:2185)
fusionauth-1  | 	at io.fusionauth.api.service.oauth2.DefaultOAuthService.validateTokenRequest(DefaultOAuthService.java:1270)
fusionauth-1  | 	at io.fusionauth.app.action.oauth2.TokenAction.post(TokenAction.java:125)
fusionauth-1  | 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
fusionauth-1  | 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)

Original steps to reproduce

Invoke the API with a valid refresh token.

Expected behavior

We get an access token.

Screenshots

Nothing useful.

Platform

  • Device: Desktop/any
  • OS: Windows, any
  • Browser + version: Vivaldi latest, but any
  • Database: you are hosting

Release notes

Improved validation and error messaging when calling the /oauth2/token endpoint with an incorrect refresh token.
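
The failure mode in the stack trace above, next to a fail-closed check of the kind the release note describes. This is an added example, not FusionAuth's code: the `RefreshToken` and `OAuthError` types, the method names and the `invalid_grant` response (RFC 6749, section 5.2) are assumptions for illustration, and the sample values are constructed.

```java
import java.util.Optional;
import java.util.UUID;

public class RefreshGrantCheck {
  // Hypothetical model: applicationId is null for a token not tied to an application.
  record RefreshToken(String token, UUID applicationId) {}

  // Hypothetical error shape for a token endpoint response.
  record OAuthError(int status, String error, String description) {}

  // Fragile form: dereferences the token's applicationId, so a token with no
  // application id throws NullPointerException instead of producing an OAuth error.
  static Optional<OAuthError> validateFragile(RefreshToken rt, UUID requestAppId) {
    if (!rt.applicationId().equals(requestAppId)) {
      return Optional.of(new OAuthError(400, "invalid_grant", "Token belongs to another application."));
    }
    return Optional.empty();
  }

  // Hardened form: every missing value is an explicit, rejected case (fail closed),
  // so the caller gets a 400 with a reason rather than an unhandled exception.
  static Optional<OAuthError> validateHardened(RefreshToken rt, UUID requestAppId) {
    if (rt == null) {
      return Optional.of(new OAuthError(400, "invalid_grant", "Unknown refresh token."));
    }
    if (rt.applicationId() == null) {
      return Optional.of(new OAuthError(400, "invalid_grant", "Token is not bound to an application."));
    }
    if (!rt.applicationId().equals(requestAppId)) {
      return Optional.of(new OAuthError(400, "invalid_grant", "Token belongs to another application."));
    }
    return Optional.empty(); // token is bound to the requesting application
  }

  public static void main(String[] args) {
    UUID app = UUID.fromString("11111111-2222-3333-4444-555555555555"); // constructed id
    RefreshToken unbound = new RefreshToken("constructed-unbound-token", null);
    RefreshToken bound = new RefreshToken("constructed-app-token", app);

    try {
      validateFragile(unbound, app);
    } catch (NullPointerException e) {
      System.out.println("fragile, unbound token: " + e.getClass().getSimpleName());
    }
    System.out.println("hardened, unbound token: " + validateHardened(unbound, app));
    System.out.println("hardened, bound token: " + validateHardened(bound, app));
  }
}
```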

Labels: bug (Something isn't working)

Status: Delivered
