Headless Delivery Refresh Token with PKCE FlowHeadless Delivery Refresh Token with PKCE Flowhttps://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=1207287732026-04-04T07:55:37Z2026-04-04T07:55:37ZRE: Headless Delivery Refresh Token with PKCE FlowTomáš Polešovskýhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1207356662021-04-20T17:54:57Z2021-04-20T17:54:57Z<blockquote>
<p>but when using the Authorization with PKCE, there is no
client_secret, so this request will not work. </p></blockquote>
<p>It works for me.</p>
<p>
<code>curl 'http://localhost:8080/o/oauth2/token' \<br /> -H
'Content-Type: application/x-www-form-urlencoded' \<br /> --data
'client_id=my-pkce-client' \<br /> --data
'grant_type=refresh_token' \<br /> --data
'refresh_token=bfc9878164882767b19a9fa29b13ecc6f1c9c124a68d426158ec4bb3e7d'
\<br /> --compressed<br /> </code></p>Tomáš Polešovský2021-04-20T17:54:57ZRE: RE: Headless Delivery Refresh Token with PKCE FlowStephen Grecohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1207372532021-04-19T10:27:50Z2021-04-19T10:27:50Z<p>Thats for the response Javier. This request does work for me when
using the standard Authorization Code flow, but when using the
Authorization with PKCE, there is no client_secret, so this request
will not work. </p>
<p>I did base my other attempts off of this and tried many different
combinations, and I keep getting the unauthorized_client error but no
other details. Instead of the client_secret the PKCE flow utiliizes
the code verifier and code challenge to obtain the first token, I have
tried to send those appropriate values as well with no success.</p>Stephen Greco2021-04-19T10:27:50ZRE: Headless Delivery Refresh Token with PKCE FlowJavier Gamarrahttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1207368172021-04-17T21:14:54Z2021-04-17T21:14:54Z<p>Hi! </p>
<p>I'm not an expert on OAuth (maybe the security team can chime in on this)...</p>
<p>Can you paste the request you are trying? I've tried to refresh a
token (but with another flow) with a request like this and I get a new
valid access token:</p>
<p>
<br />curl -X "POST"
"http://localhost:8080/o/oauth2/token" \<br /> -H
'Content-Type: application/x-www-form-urlencoded; charset=utf-8'
\<br /> --data-urlencode
"client_id=id-64eaf18c-49bb-6c9c-7b9a-84f17f65d21" \<br />
--data-urlencode
"client_secret=secret-98fecb7d-3421-78e4-bca5-955b08f7f58"
\<br /> --data-urlencode "grant_type=refresh_token"
\<br /> --data-urlencode
"redirect_uri=http://localhost:8080/" \<br />
--data-urlencode "refresh_token=2f485f80a58f3bb3e964ddbbe3da71561d1f459a75a1ec58365bd39a3762c9d"<br /> </p>Javier Gamarra2021-04-17T21:14:54ZHeadless Delivery Refresh Token with PKCE FlowStephen Grecohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1207287722021-04-15T11:46:39Z2021-04-15T11:46:39Z<p>I am struggling to obtain refresh tokens wihen using the
headess-delivery with the PKCE OAuth 2.0 Flow. There doesnt seem to
be any documentation on how to obtain a new token using the refresh
token. The PKCE flow is wokring fine for obtaining the original token
but when I request a new token using the refresh_token, it is
returning an error 'unauthorized client'. I am simply looking for
some sort of example or documentation on how to do this.</p>Stephen Greco2021-04-15T11:46:39Z