Angular 16 SSO Refresh Token Issues

Hello, all. I’m working on a new Angular app and having trouble using the refresh token. I hope that some of you that have had success with angular will give me a few tips as to what I’m doing wrong.

My function is to request a new auth token using the refresh token. Referencing these docs: Refreshing tokens

    const client_id = environment.eveClientId;
    const secret_key = environment.eveSecretKey;
    const auth = btoa(`${client_id}:${secret_key}`);

    var refresh_token = this.storageService.getEveRefreshToken();

    const headers = new HttpHeaders();
    headers.append('Authorization', `Basic ${auth}`);
    headers.append('Content-Type', 'application/x-www-form-urlencoded');
    headers.append('Host', '');
    const httpOptions = { headers: headers};

    // EVE notes:
    // Remember that the refresh token must be URL-encoded, per the content type of the request.
    // Failing to do this may cause the request to be malformed and a 400 response to be returned.
    const encodedBody = new URLSearchParams();
    encodedBody.set('grant_type', 'refresh_token');
    encodedBody.set('refresh_token', `${refresh_token}`);

    return<EveTokenModel>('', encodedBody, httpOptions);

I always receive a 401 error:

    "headers": {
        "normalizedNames": {},
        "lazyUpdate": null,
        "headers": {}
    "status": 401,
    "statusText": "OK",
    "url": "",
    "ok": false,
    "name": "HttpErrorResponse",
    "message": "Http failure response for 401 OK",
    "error": null

I have tried to encodeURIComponent the refresh_token but received the same 401 error.

I have no trouble receiving the token via the original SSO request and can access ESI endpoints. The only problem that I’m facing is the refresh token. I store the token and the refresh token in local storage (for testing) . I ensure to update these as new SSO requests are made.

Any tips would be greatly appreciated.

It’s very similar to my implementation, which works without issues.

The only weird thing I found is this line:

    var refresh_token_url_encoded = encodeURIComponent(refresh_token!);

Not sure why you’re encoding it here, as I believe it is also encoded once you add it to the URLSearchParams.

That was just for testing.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.