Getting "invalid_grant" while navigation on SugarCRM

Question

Hi.

I browse SugarCRM inside several iFrames in my Web Application. The SessionID is always the same.

When I log in SugarCRM I can see a "/rest/v10/oauth2/token" with my credentials and I get the following reply:

{"access_token":"tokenAccess","expires_in":3600,"token_type":"bearer","scope":null,"refresh_token":"tokenRefresh","refresh_expires_in":1209600,"download_token":"tokenDownload"}

After some minutes, while navigating, I'm redirected to the login page. When that happens I see the following request to "/rest/v10/oauth2/token":

{"grant_type":"refresh_token","client_id":"sugar","client_secret":"","refresh_token":"refreshToken","platform":"base","refresh":true}

But I get the response:

{"error":"invalid_grant","error_message":"Invalid refresh token"}

Inside SugarCRM I have some custom code that invokes WebServices on my side. That WebServices requests tokens to SugarCRM with a different user that is navigating BUT in some cases I invoke "/rest/v10/oauth2/sudo/ with the user that is navigating.

Anyone have an idea of why the "Invalid refresh token"?

Thanks in advance.

Nuno Centeio · Accepted Answer

Hi Nuno , Here is the first question, looking at your public static string RequestUserToken Why do you pass your username and password one more time? TokenRequest t = new TokenRequest ( ) { client_id = clientID , client_secret = clientSecret , username = username , password = password } ; I think this is causing your user to be kicked out. Take a look at /oauth2/sudo/:user_name POST Endpoint. It expects your user to be an Admin and you don't need to pass the username and password. All you need username as a third parameter( /oauth2/sudo/ :username ) Let me know if this helps. Best Regards Tevfik T&uuml;mer Developer Support Engineer