IBM Support

IT11426: OAUTH REFRESH TOKEN CANNOT BE RE-USED

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When trying to use the OAuth refresh token more than once, the
    following error is received:
    
    [oauth][error] xmlfirewall(azsvr-xmlfw):
    tid(72529)[request][1.2.3.4]: *[client-8000] An error occurred
    while verifying the refresh_token for *[client-8000]
    refresh_token was used before, message rejected**
    
    
    The refresh token should be allowed to be re-used several times
    to get tokens with different scopes.  This would allow a user
    to get multiple tokens for various applications starting
    from a single token.
    

Local fix

Problem summary

  • Affected is the use if Oauth refresh token.
    
    Conform to the IETF spec that the refresh token scope MUST be
    identical to that of the refresh token included by the client in
    the request.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IT11426

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    720

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-09-24

  • Closed date

    2015-12-21

  • Last modified date

    2016-02-15

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R600 PSY

       UP

  • R601 PSY

       UP

  • R700 PSY

       UP

  • R710 PSY

       UP

  • R720 PSY

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 7.2

Reference #: IT11426

Modified date: 15 February 2016