Getting unauthorized/access_denied on getting token using refresh token

wkjljadlskfjklasjflw · August 9, 2022, 2:35am

This is a code snippet on my Nextjs project using nextauth to get new tokens followed this thread

async function refreshAccessToken(token: any) {
  try {
    const url =
      `${process.env.AUTH0_ISSUER}/oauth/token?` +
      new URLSearchParams({
        client_id: process.env.AUTH0_CLIENT_ID || '',
        client_secret: process.env.AUTH0_CLIENT_SECRET || '',
        grant_type: 'refresh_token',
        refresh_token: token.refreshToken,
        scope: 'offline_access',
      });
    const response = await fetch(url, {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

    const refreshedTokens = await response.json();

    if (!response.ok) {
      throw refreshedTokens;
    }

    return {
      ...token,
      accessToken: refreshedTokens.access_token,
      accessTokenExpires: Date.now() + refreshedTokens.expires_in * 1000,
      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken, // Fall back to old refresh token
    };
  } catch (error) {
    return {
      ...token,
      error: 'RefreshAccessTokenError',
    };
  }
}

I kept getting { error: 'access_denied', error_description: 'Unauthorized' } no matter how I changed Application Type, Token Endpoint Authentication Method or other settings.

rueben.tiow · August 9, 2022, 4:09pm

Hi @wkjljadlskfjklasjflw ,

Welcome to the Auth0 Community!

I understand that you have encountered the 401 Unauthorized error when trying to get a new access token using a refresh token.

After testing this myself, I could successfully get a new access token using a refresh token. The only way I could reproduce the 401 Unauthorized error is when I used an incorrect client_id and/or client_secret in my request.

Given that, could you please double-check that your client_id and client_secret values are correct?

Please let me know your findings.

Thank you.

wkjljadlskfjklasjflw · August 9, 2022, 7:30pm

Hi @rueben.tiow ,

Thanks for the response. Turns out that I have to put all params to request body instead of URLParams, also need to change Content-Type to application/json and it works.

rueben.tiow · August 9, 2022, 11:02pm

Hi @wkjljadlskfjklasjflw,

Thank you for your response, and I’m glad you managed to get the request working!

Please reach out if you have any additional questions.

Thank you.

Topic		Replies	Views
@auth0/nextjs-auth0 getAccessToken Error Help sessions , rotating-refresh-tokens	0	1815	May 7, 2023
401 unauthorized error throws when accessing oauth/token api from Nextjs App Help management-api , tenants	2	874	March 19, 2024
Use Refresh Tokens in Node.js (and axios): Receiving 401 error (access_denied, Unauthorized) Help auth0 , nodejs , refresh-tokens	2	4448	March 18, 2022
Getting "access_denied" when calling for a refresh token on "oauth/token" Help	5	4130	August 30, 2019
Oauth/token gets Unauthorized / access_denied response Help management-api , client-grants	2	1924	October 25, 2023

Getting unauthorized/access_denied on getting token using refresh token

Related topics