Token endpoint to refresh token
Hello, I am trying to refresh a token that was generated with my web client, using my API client against /oauth/v2/token with the JWT method, but the token is reported as inactive, even though the introspect endpoint shows the access token is still active.
def create_client_assertion(self) -> str:
    """Build the signed JWT this client presents as its ``client_assertion``.

    ``iss`` and ``sub`` are both the ``client_id`` from ``self.JWT_KEY_FILE``,
    ``aud`` is ``settings.ZITADEL_DOMAIN``, and the token is signed with RS256
    using the key file's ``private_key``. The ``kid`` header carries the key
    file's ``key_id``.

    Returns:
        The encoded assertion exactly as ``jwt.encode`` returns it.
    """
    issued_at = int(time.time())
    client_id = self.JWT_KEY_FILE["client_id"]
    claims = {
        "iss": client_id,
        "sub": client_id,
        "aud": settings.ZITADEL_DOMAIN,
        # NOTE(review): the assertion is valid for a full hour and carries no
        # "jti", so a copy that ends up in logs or a proxy can be replayed
        # until "exp". A shorter lifetime is the usual choice; confirm what
        # the identity provider accepts before changing it.
        "exp": issued_at + 60 * 60,
        "iat": issued_at,
    }
    jose_header = {
        "alg": "RS256",
        "kid": self.JWT_KEY_FILE["key_id"],
    }
    signing_key = self.JWT_KEY_FILE["private_key"]
    return jwt.encode(claims, signing_key, algorithm="RS256", headers=jose_header)
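def refresh_access_token(self, refresh_token: str) -> dict:
    """Exchange ``refresh_token`` for new tokens at ``/oauth/v2/token``.

    The client authenticates with a signed JWT (``client_assertion``) built by
    ``create_client_assertion`` instead of a client secret.

    NOTE(review): RFC 6749 section 6 binds a refresh token to the client it was
    issued to. A refresh token obtained by one client and presented under
    another client's assertion is expected to be rejected, so confirm that the
    ``client_id`` in the key file is the client that received the token.

    Args:
        refresh_token: The refresh token to redeem.

    Returns:
        The parsed JSON body of a successful token response. What happens
        after an HTTP error is not shown in this excerpt.
    """
    url = f"{settings.ZITADEL_DOMAIN}/oauth/v2/token"
    jwt_token = self.create_client_assertion()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # `data` holds the refresh token and the client assertion; keep it out of
    # logs and error reports.
    data = {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": jwt_token,
    }
    try:
        response = requests.post(url, headers=headers, data=data, timeout=2)
        response.raise_for_status()
        return response.json()
    except requests.exceptions.HTTPError as e:
        # An error page from a gateway or proxy is not JSON. Without this
        # guard the ValueError from .json() would replace the HTTPError that
        # is being handled and hide the real status.
        try:
            error_detail = e.response.json() if e.response.content else {"error": "unknown"}
        except ValueError:
            error_detail = {"error": "unknown"}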
...

def create_client_assertion(self) -> str:
    """Return a signed RS256 JWT used to authenticate this client.

    The claims identify the client (``iss`` and ``sub`` are the ``client_id``
    from ``self.JWT_KEY_FILE``) and address ``settings.ZITADEL_DOMAIN`` as the
    audience. The ``kid`` header is the key file's ``key_id`` and the signing
    key is its ``private_key``.
    """
    timestamp = int(time.time())
    key_file_client = self.JWT_KEY_FILE["client_id"]
    assertion_claims = {
        "iss": key_file_client,
        "sub": key_file_client,
        "aud": settings.ZITADEL_DOMAIN,
        # NOTE(review): a one-hour window with no "jti" claim means a leaked
        # assertion stays usable until it expires. Prefer the shortest
        # lifetime the identity provider accepts (confirm its limits).
        "exp": timestamp + 60 * 60,
        "iat": timestamp,
    }
    return jwt.encode(
        assertion_claims,
        self.JWT_KEY_FILE["private_key"],
        algorithm="RS256",
        headers={"alg": "RS256", "kid": self.JWT_KEY_FILE["key_id"]},
    )
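def refresh_access_token(self, refresh_token: str) -> dict:
    """Redeem ``refresh_token`` at the ``/oauth/v2/token`` endpoint.

    Authentication uses the JWT client assertion from
    ``create_client_assertion``; no client secret is sent.

    NOTE(review): per RFC 6749 section 6 a refresh token is bound to the client
    it was issued to, so the server is expected to refuse a token that was
    issued to a different client than the one named in the assertion. Confirm
    which client originally received the token.

    Args:
        refresh_token: The refresh token to redeem.

    Returns:
        The parsed JSON body of a successful token response. The handling
        after an HTTP error is elided in this excerpt.
    """
    url = f"{settings.ZITADEL_DOMAIN}/oauth/v2/token"
    jwt_token = self.create_client_assertion()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # The form body carries two credentials (refresh token and assertion), so
    # it should never be written to logs.
    data = {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": jwt_token,
    }
    try:
        response = requests.post(url, headers=headers, data=data, timeout=2)
        response.raise_for_status()
        return response.json()
    except requests.exceptions.HTTPError as e:
        # A non-JSON error body (for example an HTML page from a proxy) makes
        # .json() raise ValueError. Catch it so the original HTTP error is
        # not masked by a parsing failure.
        try:
            error_detail = e.response.json() if e.response.content else {"error": "unknown"}
        except ValueError:
            error_detail = {"error": "unknown"}
        ...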