ArcGISWebException code 498: "invalidated refresh_token"

1560
8
12-09-2019 04:03 PM
JonathanRuland
New Contributor II

I am trying to use OAuthTokenCredential class to refresh access tokens by calling RefreshTokenAsync(). However, I am getting the titular exception and message. I store the refresh token locally, encrypted. When my app loads I decrypt the token and feed it into OAuthRefreshToken property, then run RefreshTokenAsync() and get the stated result.

 

I have verified the refresh token is the same after encryption/decryption, so I must be doing something wrong either trying to reload the credentials or refreshing the token. We have recently moved from ArcGIS runtime 100.4 to 100.6, could this have something to do with it?

 

Apologies if I posted this in the wrong area, I am new here. Thanks for your time.

0 Kudos
8 Replies
MichaelBranscomb
Esri Frequent Contributor

Hi,

I suspect you're running into a known issue in the 100.6 release, which will be addressed by the upcoming 100.7 release. We aim to have that wrapped up soon...

Cheers

Mike

JonathanRuland
New Contributor II

Thanks Michael. If that's the case we can probably put this issue to rest until 100.7 is released. The only side effect is that the user has to log in every time they open the app.

0 Kudos
JeremyBridges
Occasional Contributor

Were you guys able to address this issue in 100.7? We are seeing the same issue. We're updating from 100.5.

0 Kudos
MichaelBranscomb
Esri Frequent Contributor

Jeremy,

Yes, this issue should have been resolved in the 100.7 release. 

Thanks

Mike

0 Kudos
JeremyBridges
Occasional Contributor

It is not fixed, at least in our use case. We'll start up a ticket. Any bug numbers or other ticket numbers we can put on the ticket so its easier to associate with the original issue?

0 Kudos
MichaelBranscomb
Esri Frequent Contributor

Jeremy,

During the investigation of the original issue, we did note some cases that required additional work. This was undertaken in the 100.8 release lifecycle.

I'd like to share a current 100.8 preview with you: which of the .NET SDK APIs are you referencing? (Android, iOS, UWP, and/or WPF)

Thanks

Mike

0 Kudos
JeremyBridges
Occasional Contributor

We've noticed the issue on Xamarin (iOS) and WPF. We'd love to test in both places.

For reference, our workflow is very similar to Johnathan's. We store the refresh token on login. It is placed in the Runtime's OAuth authentication API's on start of the app, or after login. We know we've needed to call RefreshTokenAsync in order to get Runtime to work correctly with federated services. Our code:


                    var serverInfo = new ServerInfo
                    {
                        ServerUri = portalUri,
                        TokenAuthenticationType = TokenAuthenticationType.OAuthAuthorizationCode,
                        OAuthClientInfo =
                            new OAuthClientInfo
                            {
                                ClientId = appClientId,
                                RedirectUri = redirectUri
                            }
                    };
                    AuthenticationManager.Current.RegisterServer(serverInfo);

                    var cred = new OAuthTokenCredential
                    {
                        Token = accessToken,
                        OAuthRefreshToken = refreshToken,
                        ServiceUri = portalUri,
                        GenerateTokenOptions = new GenerateTokenOptions
                        {
                            TokenAuthenticationType = TokenAuthenticationType.OAuthAuthorizationCode
                        }
                    };

                    AuthenticationManager.Current.AddCredential(cred);

                    await cred.RefreshTokenAsync();

0 Kudos
MichaelBranscomb
Esri Frequent Contributor

Jeremy,

Thanks - I'll share the preview via the Early Adopters site and provide access details via email.

Regards

Mike

0 Kudos