Exception when refreshing a token after grant has expired

When trying to use a refresh token after grant (the session) expires, there is an unclear error: `NoneType object has no attribute expires_at`

This is because here, the `access_token.expires_at` property is accessed:
https://github.com/IdentityPython/oidc-op/blob/2f81e246ff9ef412f5dc786cd2cfa5dd5fccf9e1/src/oidcop/oauth2/token.py#L279

where `access_token` is a result of [grant.mint_token](https://github.com/IdentityPython/oidc-op/blob/8de3acf28be2777480c4398c443f698def9c9724/src/oidcop/session/grant.py#L250), which may return `None`:
https://github.com/IdentityPython/oidc-op/blob/8de3acf28be2777480c4398c443f698def9c9724/src/oidcop/session/grant.py#L261

And it returns `None` whenever the grant/token is not active:
https://github.com/IdentityPython/oidc-op/blob/8de3acf28be2777480c4398c443f698def9c9724/src/oidcop/session/grant.py#L274

Which happens when the grant expires (e.g. I set the grant expiration to 12 hours and I try to use a refresh token on the token endpoint after 13 hours).

This causes an exception, which for example in [satosa-oidcop](https://github.com/UniversitaDellaCalabria/SATOSA-oidcop/blob/6f1f4b1ca7fab32d11a17bb861e5d2bc5f3c8a2d/satosa_oidcop/idpy_oidcop.py#L216) is handled by a general error response `"request cannot be processed"`, which does not say much.

I guess I should set grant expiration to be longer than any token expiration (e.g. refresh token expiration) in the config, but this exception may still be addressed to provide better error message.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Exception when refreshing a token after grant has expired #202

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Exception when refreshing a token after grant has expired #202

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions