When trying to use a refresh token after grant (the session) expires, there is an unclear error: NoneType object has no attribute expires_at
This is because here, the access_token.expires_at property is accessed:
|
if access_token.expires_at: |
where access_token is a result of grant.mint_token, which may return None:
|
) -> Optional[SessionToken]: |
And it returns None whenever the grant/token is not active:
|
if self.is_active() is False: |
Which happens when the grant expires (e.g. I set the grant expiration to 12 hours and I try to use a refresh token on the token endpoint after 13 hours).
This causes an exception, which for example in satosa-oidcop is handled by a general error response "request cannot be processed", which does not say much.
I guess I should set grant expiration to be longer than any token expiration (e.g. refresh token expiration) in the config, but this exception may still be addressed to provide better error message.
When trying to use a refresh token after grant (the session) expires, there is an unclear error:
NoneType object has no attribute expires_atThis is because here, the
access_token.expires_atproperty is accessed:oidc-op/src/oidcop/oauth2/token.py
Line 279 in 2f81e24
where
access_tokenis a result of grant.mint_token, which may returnNone:oidc-op/src/oidcop/session/grant.py
Line 261 in 8de3acf
And it returns
Nonewhenever the grant/token is not active:oidc-op/src/oidcop/session/grant.py
Line 274 in 8de3acf
Which happens when the grant expires (e.g. I set the grant expiration to 12 hours and I try to use a refresh token on the token endpoint after 13 hours).
This causes an exception, which for example in satosa-oidcop is handled by a general error response
"request cannot be processed", which does not say much.I guess I should set grant expiration to be longer than any token expiration (e.g. refresh token expiration) in the config, but this exception may still be addressed to provide better error message.