Angular 16 SSO Refresh Token Issues

Hello, all. I’m working on a new Angular app and having trouble using the refresh token. I hope that some of you that have had success with angular will give me a few tips as to what I’m doing wrong.

My function is to request a new auth token using the refresh token. Referencing these docs: Refreshing tokens

    const client_id = environment.eveClientId;
    const secret_key = environment.eveSecretKey;
    const auth = btoa(`${client_id}:${secret_key}`);

    var refresh_token = this.storageService.getEveRefreshToken();

    const headers = new HttpHeaders();
    headers.append('Authorization', `Basic ${auth}`);
    headers.append('Content-Type', 'application/x-www-form-urlencoded');
    headers.append('Host', '');
    const httpOptions = { headers: headers};

    // EVE notes:
    // Remember that the refresh token must be URL-encoded, per the content type of the request.
    // Failing to do this may cause the request to be malformed and a 400 response to be returned.
    const encodedBody = new URLSearchParams();
    encodedBody.set('grant_type', 'refresh_token');
    encodedBody.set('refresh_token', `${refresh_token}`);

    return<EveTokenModel>('', encodedBody, httpOptions);

I always receive a 401 error:

    "headers": {
        "normalizedNames": {},
        "lazyUpdate": null,
        "headers": {}
    "status": 401,
    "statusText": "OK",
    "url": "",
    "ok": false,
    "name": "HttpErrorResponse",
    "message": "Http failure response for 401 OK",
    "error": null

I have tried to encodeURIComponent the refresh_token but received the same 401 error.

I have no trouble receiving the token via the original SSO request and can access ESI endpoints. The only problem that I’m facing is the refresh token. I store the token and the refresh token in local storage (for testing) . I ensure to update these as new SSO requests are made.

Any tips would be greatly appreciated.

It’s very similar to my implementation, which works without issues.

The only weird thing I found is this line:

    var refresh_token_url_encoded = encodeURIComponent(refresh_token!);

Not sure why you’re encoding it here, as I believe it is also encoded once you add it to the URLSearchParams.

That was just for testing.