Open Closed

Occasional "Refresh token is not valid!" when trying to login #11197


0
justinidsza created

Prerequisites

  • What is your product version? 11.2.1
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .NET Core

If issue related with ABP Framework

  • What is ABP Framework version? 7.3

If issue is about UI

  • Which theme are you using? Default
  • What are the theme settings? Default

Hi,

Sometimes, not always, we have users who have been inactive for a couple of days, who then try to login and receive a "An internal error occurred during the request" error. When looking at the AuditLogs I see "Refresh token is not valid!" errors.

The problem is when then the user gets this error they are unable to login, even if they capture their credentials correctly. I have to get them to us a private / incognito window to login or to clear their browser cache. This is not a very good user experience.

My questions are as follows:

  1. What can be causing the a 'Refresh token is not valid' error when the user has only be inactive for a couple of days? NB we have not changed the default refresh token expiration
  2. Why does the framework not handle this gracefully? If the user authenticates successfuly but the refresh token is invalid, why not just issue them a new one?
  3. Is there some code I can add to handle this gracefully, so that they don't have to clear their browser cache or use a private / incognito window?

As I mentioned, this only happens sometimes and only to some users.

Below are screenshots the user sent me when trying to login

When looking at the logs I see this:

Exception System.ComponentModel.DataAnnotations.ValidationException: Refresh token is not valid! at RMS.Web.Controllers.TokenAuthController.RefreshToken(String refreshToken) in /src/src/RMS.Web.Core/Controllers/TokenAuthController.cs:line 263 at lambda_method14159(Closure , Object ) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.

Parameters {"refreshToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1laWRlbnRpZmllciI6IjIwIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZSI6IlJhbWFrZ29sbyIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2VtYWlsYWRkcmVzcyI6InJhbWFrZ29sby5sZWthbGFrYWxhQHVsLmFjLnphIiwiQXNwTmV0LklkZW50aXR5LlNlY3VyaXR5U3RhbXAiOiJTUEdXT1JPQk5LUEgyV1FOT041VExBVFZDVUpWS1BTRiIsImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSI6WyJSZXNlYXJjaCBPZmZpY2UgT2ZmaWNpYWwiLCIwOTc4YzljY2Q0ZTA0NTgxYTMwZGFiYmYzYzJiZTU4ZiIsImQwNWFmYmYwOTI2YjQyYTRiOWQ2ZmRiOTVhMjQzMDNhIl0sImh0dHA6Ly93d3cuYXNwbmV0Ym9pbGVycGxhdGUuY29tL2lkZW50aXR5L2NsYWltcy90ZW5hbnRJZCI6IjIwIiwic3ViIjoiMjAiLCJqdGkiOiI2OTY1ZWJjNy0zMDFiLTQ2MGEtOTRiMy01YzhiZGI3Y2QwYTciLCJpYXQiOjE2NTgzMjEwMzgsInRva2VuX3ZhbGlkaXR5X2tleSI6IjZhYjU0N2VmLTI5YzQtNGM1ZS1hZDQxLTU1NWRlYmU3ZjNkNCIsInVzZXJfaWRlbnRpZmllciI6IjIwQDIwIiwidG9rZW5fdHlwZSI6IjEiLCJuYmY...

Thank you, Justin


8 Answer(s)
  • 0
    rickfrankel created

    Tagging myself in this ticket as I'm seeing lots of these errors through my logs as well. Curious to see what the cause is. Don't believe I was seeing this in our logs when we were on version 10 so it looks to be something specific to v11.

  • 0
    rickfrankel created

    @here Could we get a response on this one please. Here is some more data. I turned on debug logging for the tokenauthcontroller.

    2022-08-04T10:07:24.529+10:00 - 9d95359ff29d - Abp.AspNetCore.Mvc.ExceptionHandling.AbpExceptionFilter - Refresh token is not valid! System.ComponentModel.DataAnnotations.ValidationException: Refresh token is not valid! at XXX.Web.Controllers.TokenAuthController.RefreshToken(String refreshToken) in D:\a\1\s\aspnet-core\src\XXX.Web.Core\Controllers\TokenAuthController.cs:line 376 at lambda_method15537(Closure , Object ) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)

    DEBUG2022-08-04T10:07:24.308+10:00 - 9d95359ff29d - XXX.Web.Controllers.TokenAuthController - Microsoft.IdentityModel.Tokens.SecurityTokenException: invalid token type at XXX.Web.Authentication.JwtBearer.XXXAsyncJwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters) in D:\a\1\s\aspnet-core\src\XXX.Web.Core\Authentication\JwtBearer\XXXAsyncJwtSecurityTokenHandler.cs:line 76 at XXX.Web.Controllers.TokenAuthController.IsRefreshTokenValid(String refreshToken) in D:\a\1\s\aspnet-core\src\XXX.Web.Core\Controllers\TokenAuthController.cs:line 1011 Microsoft.IdentityModel.Tokens.SecurityTokenException: invalid token type at XXX.Web.Authentication.JwtBearer.XXXAsyncJwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters) in D:\a\1\s\aspnet-core\src\XXX.Web.Core\Authentication\JwtBearer\XXXAsyncJwtSecurityTokenHandler.cs:line 76 at XXX.Web.Controllers.TokenAuthController.IsRefreshTokenValid(String refreshToken) in D:\a\1\s\aspnet-core\src\XXX.Web.Core\Controllers\TokenAuthController.cs:line 1011

  • 0
    rickfrankel created

    I've done some more debugging here.

    It would appear that

            var principal = _tokenHandler.ValidateToken(securityToken, validationParameters, out var validatedToken);
    

    On line 43 in the ValidateToken method of teh AsyncJwtSecurityTokenHandler only returns a principal with claims of a token_type of 1.

    When you get to line 45 in the HasAccessTokenType which checks for a token_type of 0 (being the access token) its not there and the exception is thrown and the refresh token is never allowed to be valid then.

    Trying to find where this broke as I'm pretty sure it used to work.

  • 0
    rickfrankel created

    AHHHHH https://github.com/aspnetzero/aspnet-zero-core/commit/75a802fc92b80c04666e071a2d40a46c70299614

    I seee :)

  • 0
    rickfrankel created

    After much searching. https://github.com/aspnetzero/aspnet-zero-core/issues/4444

    Need to upgrade to the new version :) 11.3

    Thanks

  • 0
    rickfrankel created

    @ismcagdas

    Can you advise when 11.3 won't be an RC any more?

  • 0
    justinidsza created

    Hi,

    Can I please get some feedback on this?

    Thank you

  • 0
    rickfrankel created

    @justinidsza. it's a know issue and fixed in 11.3