Invalid client when trying to refresh token from command line

(Ankush Thakur) #1

I’m getting the invalid_client error when trying to refresh my token. To keep things simple, this time I sent the refresh request from command line itself:

curl --header "Authorization: BasicBASE64ENCODED" --data "refresh_token=REFRESH_TOKEN&grant_type=refresh_token"

Am I doing something wrong?

Api Key Refresh
(John Borelli) #2

Don’t know about the grant type etc but “Developer Inactive” always means that the token has already been used and consequently invalidated (either that or it never existed which I’m sure isn’t the case and still would amount to being invalid)

(Ankush Thakur) #3

Hey sorry, I’ve just changed the question! Actually I was using the wrong URL! Please respond to my changed question. :slight_smile:

(John Borelli) #4

So requesting refresh has two parts in the send. The first is to determine who you are and the second is to register renewal for a previously established authorization token. When you establish who you are correctly but the refresh token has been invalidated then you will get the developer inactive message but when you haven’t authenticated who you are correctly with your credentials then you will get the invalid client message. Now, I don’t know the correct method for the way you’re doing it but I would assume that you’re using your client id/secret from your mashery account and running it as basic auth. If that’s the correct thing to do there then that would take the form of BASE64(CLIENT_ID:CLIENT_SECRET). Also, have you verified in Mashery that the account is active and not ‘pending’?

(Ankush Thakur) #5

Hi John, the Mashery status shows active for my app and I’m indeed using base64_encode($client_id . ':' . $client_secret) and then sending Basic . $result as the header. I don’t want to dive into the PHP SDK and am wondering why a simple POST request doesn’t work. Interestingly, I was able to obtain the access token and work with it by sending a command-line POST request. :unamused:

(John Borelli) #6

Does the above mean that there is no space between Basic and the base64?

(Ankush Thakur) #7

Yes, there is no space there. It’s the PHP dot operator for string concatenation (somehow I assumed everyone here was using PHP, LOL!). I’m using the command exactly as I described in my very first post. I’m just at a loss to understand why it should fail. I’m going to try the Lumen setup next, but this should work, unless I’m doing something very wrong.

(John Borelli) #8

The thing is that for the header it should resolve to Authorize: Basic (your base64) … that’s with a space. At least, I’ve never seen basic authentication without a space after Basic

(Ankush Thakur) #9

PERFECT! Worked this time. Thank you so much! :laughing:

The docs didn’t make it clear that a space was needed. May I request that those be updated? Once again, thank you SO very much for your efforts.

(John Borelli) #10

:wink: yeah the docs wouldn’t because that’s an http standard. Glad it worked out.

(Ankush Thakur) #11

Silly me! I must admit I have limited exposure to standards and such. Anyway, all’s well now. :slight_smile: