Token refresh flow is not implemented #665

@bojanbg

Describe the bug
Token refresh flow doesn't refresh the token, but simply runs the normal auth flow again from the start.

To Reproduce
Steps to reproduce the behavior:

  1. Authenticate using either "Guided OAuth Flow" or "Quick OAuth Flow"
  2. Then request token refresh either using "Guided Token Refresh" or "Quick Refresh".

Expected behavior

  • Not to have a Client Registration step, since token refresh should use the existing client id.
  • Use the auth server's token refresh functionality instead of the registration/authentication flow. In particular, grant_type should be refresh_token.

Logs
Initiating token refresh clearly shows

grant_type=authorization_code

in the POST request's form data. Instead, it should be grant_type=refresh_token.

Additional context
Related to #608, but the difference is that there it is about not refreshing the token after a timeout, but here it is about the manual "Guided Token Refresh"/"Quick Refresh" flow.
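
The following is an added example, not part of the original issue and not the project's own code. It builds the form body a refresh request should carry (RFC 6749, section 6) and audits a captured token-endpoint body for the symptoms reported above. The function names, client ids and token values are hypothetical or constructed, and sending client_id in the body assumes a public client.

```javascript
// Added example: hypothetical helper names, constructed sample values.

// Build the token-endpoint form body for a refresh (RFC 6749, section 6).
function buildRefreshBody({ clientId, refreshToken, scope }) {
  if (!clientId) throw new Error("refresh must reuse the existing client_id");
  if (!refreshToken) throw new Error("no stored refresh_token; a full auth flow is required");
  const body = new URLSearchParams();
  body.set("grant_type", "refresh_token");
  body.set("refresh_token", refreshToken);
  body.set("client_id", clientId); // assumption: public client identified in the body
  if (scope) body.set("scope", scope); // optional, must not exceed the original grant
  return body.toString();
}

// Audit a captured form body that was sent as a "refresh" and list what is wrong.
function auditRefreshBody(formBody, registeredClientId) {
  const p = new URLSearchParams(formBody);
  const findings = [];
  if (p.get("grant_type") !== "refresh_token") {
    findings.push(`grant_type is "${p.get("grant_type")}", expected "refresh_token"`);
  }
  if (!p.get("refresh_token")) findings.push("refresh_token parameter is missing");
  // These parameters belong to the authorization_code grant only.
  for (const name of ["code", "code_verifier", "redirect_uri"]) {
    if (p.has(name)) findings.push(`unexpected authorization-code parameter: ${name}`);
  }
  if (p.get("client_id") !== registeredClientId) {
    findings.push("client_id differs from the already registered client");
  }
  return findings;
}

// Constructed sample: a body showing the reported behaviour (auth flow rerun).
const BUGGY_BODY =
  "grant_type=authorization_code&code=CONSTRUCTED_CODE" +
  "&code_verifier=CONSTRUCTED_VERIFIER" +
  "&redirect_uri=http%3A%2F%2Flocalhost%2Fcallback&client_id=new-client-456";

// Constructed sample: the body a real refresh would send.
const GOOD_BODY = buildRefreshBody({
  clientId: "client-123",
  refreshToken: "constructed-refresh-token",
});

console.log(auditRefreshBody(BUGGY_BODY, "client-123"));
console.log(auditRefreshBody(GOOD_BODY, "client-123"));
```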

Labels

  • auth: Issues and PRs related to authorization
  • bug: Something isn't working
  • needs-triage: Needs to be triaged by maintainers
  • p1-high: High priority - should be addressed soon
