RESTful knowledge exchange
paul.watson.su
Novice
Posts: 4
Liked: 1 time
Joined: Jun 11, 2021 9:22 am
Full Name: Paul Watson

How to handle the refresh token

Post by paul.watson.su » 1 person likes this post

Hi,

I'm using the REST API. I get an initial token using my username and password, which works fine and gives me back a refresh token.

Request (secrets replaced with "value")

Code:

client_id=&client_secret=&grant_type=password&username=value&password=value

Response (secrets replaced with "value")

Code:

{
    "access_token": "value",
    "token_type": "bearer",
    "refresh_token": "value",
    "expires_in": 900,
    ".issued": "2021-06-11T15:30:14+01:00",
    ".expires": "2021-06-11T15:45:14+01:00"
}

Which I can then proceed to use fine. I then get a refresh token, which comes back OK.

Request (secrets replaced with "value")

Code:

grant_type=refresh_token&refresh_token=value

Response (secrets replaced with "value")

Code:

{
    "access_token": "value",
    "token_type": "bearer",
    "refresh_token": "value",
    "expires_in": 900,
    ".issued": "2021-06-11T15:34:06+01:00",
    ".expires": "2021-06-11T15:49:06+01:00"
}

Then when I hit any endpoint that requires authorisation I get back an HTTP 403 Forbidden response with no body or further details. Could someone advise me what I'm doing wrong? It sounds like I'm losing permissions in my refresh token.

I've also tried using /authorization_code and then refetching my initial token using the given authorization code with grant_type=authorization_code, however this always fails with HTTP 401 Unauthorized.

Thank you in advance

oleg.feoktistov
Veeam Software
Posts: 1053
Liked: 372 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov

Re: How to handle the refresh token

Post by oleg.feoktistov »

Hi Paul,

I tested it in my lab and had no issues entering resource endpoints using access token re-generated with refresh token.
Might it be the case that you are trying to utilize refresh token instead of access token to query endpoints, which require authorization?

As for authorization code, it is a known bug, which we are planning to fix in vNext.

Thanks,
Oleg

paul.watson.su

Re: How to handle the refresh token

Post by paul.watson.su »

Hi Oleg,

Looking at my logs I can confirm I was using the new access token given to me after trading in my refresh token on future requests.
The access token goes back into header of my requests as

Code:

Authorization: Bearer eyJhbGciO...

On a possible side note I went to recreate it to double check however I'm seeing a different issue. I get my initial access token with username and password which works fine and I'm able to make queries. When I authorise the refresh token the first response from the oauth2/token endpoint comes back

Code:

{
    "errorCode": "AccessDenied",
    "message": "The user name or password is incorrect.\r\n",
    "resourceId": null
}

And any subsequent requests come back

Code:

{
    "errorCode": "AccessDenied",
    "message": "Token [153d14e9-8c7a-47ec-8fcc-beadc98dc335] with expiration date [29/06/2021 10:02:26] is invalid",
    "resourceId": null
}

Which confuses me, as I was able to initially log in with username and password fine.

Thanks again

oleg.feoktistov

Re: How to handle the refresh token

Post by oleg.feoktistov »

Hi Paul,

Do you have any cumulative patches installed on VBR? I patched my server and can see some issues with refresh token now, but they differ from yours. So, I'm trying to figure out where it could go wrong.

Thanks,
Oleg

paul.watson.su

Re: How to handle the refresh token

Post by paul.watson.su »

Hi Oleg,

I don't believe so. From what I understand we have version 11 but doing a 'Check for updates' doesn't report anything back.
I don't administer the Veeam instance myself but can get more information from the right people if needed.

Thanks,
Paul

Cragdoo
Veeam Vanguard
Posts: 587
Liked: 234 times
Joined: Sep 27, 2011 12:17 pm
Full Name: Craig Dalrymple
Location: Scotland

Re: How to handle the refresh token

Post by Cragdoo » 1 person likes this post

Hi Paul

https://www.veeam.com/kb4126

for the patch releases

oleg.feoktistov

Re: How to handle the refresh token

Post by oleg.feoktistov »

Confirmed that refresh token doesn't work in either v11 GA or patched. Raised this question with QA. Will keep you posted. Thanks!

oleg.feoktistov

Re: How to handle the refresh token

Post by oleg.feoktistov »

Discussed this issue with QA, and they confirmed it as a bug. The fix is planned for vNext. Thanks!
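
As an added example (not code from this thread or from Veeam), the following client keeps the access/refresh pair from the token responses shown above, sends only the access token as the Bearer value, and falls back to the password grant when the refresh grant is rejected. `TokenSession`, `post_token` and `fake_endpoint` are hypothetical names, and the fake endpoint's 400 status is an assumption.

```python
import time

class TokenSession:
    """Holds the token pair; post_token(form) -> (http_status, json_body)
    is a caller-supplied (hypothetical) transport to the oauth2/token endpoint."""

    def __init__(self, post_token, username, password, skew=30, clock=time.time):
        self._post, self._user, self._pw = post_token, username, password
        self._skew, self._clock = skew, clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _grant(self, form):
        status, body = self._post(form)
        if status != 200 or "access_token" not in body:
            return False
        # Every successful response carries a new pair: replace both tokens.
        self._access = body["access_token"]
        self._refresh = body.get("refresh_token")
        self._expires_at = self._clock() + body["expires_in"]
        return True

    def auth_header(self):
        """Return the Authorization header, renewing the access token when due."""
        if self._access is None or self._clock() >= self._expires_at - self._skew:
            refreshed = self._refresh is not None and self._grant(
                {"grant_type": "refresh_token", "refresh_token": self._refresh})
            if not refreshed:
                # Refresh rejected or unavailable: discard it, use the password grant.
                self._refresh = None
                if not self._grant({"grant_type": "password",
                                    "username": self._user, "password": self._pw}):
                    raise PermissionError("token endpoint rejected the credentials")
        # Only the access token is ever sent to resource endpoints.
        return {"Authorization": "Bearer " + self._access}

def fake_endpoint(refresh_works):
    """Constructed stand-in for the token endpoint (the 400 status is assumed)."""
    issued = []
    def post(form):
        if form["grant_type"] == "refresh_token" and not refresh_works:
            return 400, {"errorCode": "AccessDenied"}
        issued.append(form["grant_type"])
        n = len(issued)
        return 200, {"access_token": f"at{n}", "refresh_token": f"rt{n}",
                     "expires_in": 900}
    return post, issued
```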

paul.watson.su

Re: How to handle the refresh token

Post by paul.watson.su »

Thank you Oleg for taking the time to look into this
