You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Which version of Duende IdentityServer are you using?
v6.2.5
Which version of .NET are you using?
net6.0
Describe the bug
When upgrading to v6.3 we experience that suddenly when calling the connect/token endpoint, with a refresh token, we receive the following error.
{
"error": "invalid_request",
"error_description": "Proof of possession can't be used on subsequent token requests unless used when requesting the initial refresh token."
}
To Reproduce
Steps to reproduce the behavior.
We call the connect/token endpoint with the following first.
Which version of Duende IdentityServer are you using?
v6.2.5
Which version of .NET are you using?
net6.0
Describe the bug
When upgrading to v6.3 we experience that suddenly when calling the
connect/token
endpoint, with a refresh token, we receive the following error.To Reproduce
Steps to reproduce the behavior.
We call the
connect/token
endpoint with the following first.Then we make a call to our own custom endpoint, see the code here https://gist.github.com/brkmover/57350b1afe450f3d83ff35f25d40aab5. Note, this code works in v6.2 but not in v6.3.
Using the refresh token from the above custom code in the gist we make another call to the connect endpoint as follows.
This now results in the PoP error.
Expected behavior
Retrieving a valid token using the generated refresh token.
Additional context
We are using the Starter edition license.
The text was updated successfully, but these errors were encountered: