HTTP 400 Bad Request when refreshing token RRS feed

  • Question

  • User1536161996 posted

    {StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.HttpConnection+HttpConnectionResponseContent,

    Headers: {

    Cache-Control: no-cache

    Pragma: no-cache

    Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 08 Apr 2020 17:11:41 GMT Content-Length: 25 Content-Type: application/json; charset=UTF-8 Expires: -1 }}

    I tested in debug mode it is ok, When i publish i get this bad request.

    This is my request:

    HttpContent requestContent = new StringContent("grant_type=refresh_token&refresh_token=" + refresh_token, Encoding.UTF8, "application/x-www-form-urlencoded");
    HttpResponseMessage responseMessage = await client.PostAsync("Token", requestContent); <--- HERE get BadRequest 400.

    Maybe because i don't use HTTPS?

    I imported Simple Refresh Token: This is my code

    public class SimpleRefreshTokenProvider : IAuthenticationTokenProvider
    private static ConcurrentDictionary<string, AuthenticationTicket> _refreshTokens = new ConcurrentDictionary<string, AuthenticationTicket>();

    public async Task CreateAsync(AuthenticationTokenCreateContext context)
    var guid = Guid.NewGuid().ToString();

    // maybe only create a handle the first time, then re-use for same client
    // copy properties and set the desired lifetime of refresh token
    var refreshTokenProperties = new AuthenticationProperties(context.Ticket.Properties.Dictionary)
    IssuedUtc = context.Ticket.Properties.IssuedUtc,
    ExpiresUtc = DateTime.UtcNow.AddMonths(1)
    var refreshTokenTicket = new AuthenticationTicket(context.Ticket.Identity, refreshTokenProperties);

    //_refreshTokens.TryAdd(guid, context.Ticket);
    _refreshTokens.TryAdd(guid, refreshTokenTicket);

    // consider storing only the hash of the handle

    public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
    AuthenticationTicket ticket;
    if (_refreshTokens.TryRemove(context.Token, out ticket))

    public void Create(AuthenticationTokenCreateContext context)
    throw new NotImplementedException();

    public void Receive(AuthenticationTokenReceiveContext context)
    throw new NotImplementedException();

    And in Startup.Auth.cs

    OAuthOptions = new OAuthAuthorizationServerOptions
    TokenEndpointPath = new PathString("/Token"),
    Provider = new FirebirdAuthorizationServerProvider(PublicClientId),
    //AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
    AccessTokenExpireTimeSpan = TimeSpan.FromHours(1),
    // In production mode set AllowInsecureHttp = false
    AllowInsecureHttp = true,
    RefreshTokenProvider = new SimpleRefreshTokenProvider(),


    Wednesday, April 8, 2020 6:24 PM

All replies

  • User1925453253 posted

    You have shown this for your client site error response or something else. I couldn't understand well clearly. I am also facing same http 400 bad request problem on my site weedkilleradvise. Lemme know further about it if you can.

    Thursday, January 7, 2021 9:25 AM