[oauth2] Failed to refresh token

[enbochen]

After 360 seconds timeout of the token, oauth2 client (I have tried different clients, same issues) failed to refresh token:
Original error:
[oauth2] Failed to refresh token url=https://online.planmill.com/:instance/api/oauth2/token status=400
Any ideas about this? Thanks!

[enbochen]

{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

[antansk]

Hey,

sorry for no one replying for a such a long time. These issues haven't been monitored for a while.

Have you been able to resolve this issue?

It should work by following the Getting started instructions:
https://github.com/planmill/api/wiki/Getting-started

[ollivatto]

As per our experience this seems to be due to non-compliant refresh flow (see https://tools.ietf.org/html/rfc6749#section-2.3.1). The server should accept client credentials in Authorization header but unfortunately this implementation only accepts the client_id and client_secret values in request-body.