Problem/Motivation
The client_credentials standard does not have a refreshToken. An expired token is usually renewed by requesting a new access token directly. There is no handling for an expired access token in getClientCredentialsAccessToken(). This means an expired token in the client_credentials grant will not be renewed automatically.
Proposed resolution
Add support for renewing an expired token to getClientCredentialsAccessToken().
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | oauth2_client-add-support-for-renewing-token-for-client-credentials-grant-3064090-0.patch | 837 bytes | longmtran |
Comments
Comment #2
longmtran commented
Attached patch adds token renewal support to getClientCredentialsAccessToken()
Comment #3
longmtran commented
Comment #4
ivan.chavarro commented
Thank you, this patch solved my issue.
Comment #5
sfuchsbe commented
Works like a charm. Thank you
Comment #6
Myddna commented
Could this patch be committed, please? :)
Comment #7
jumoke commented
Works for me.
Comment #8
jumoke commented
Comment #9
fathershawn
Hi! @perelesnyk and I have stepped up as maintainers, officially for D9 compatible and forward. I've added this issue to our planning issue. The OAuth2 standard has Refresh tokens as optional in general:
https://tools.ietf.org/html/rfc6749#section-1.5
So if a refresh token is returned with the original access token, we should use it on all grant types.
Comment #10
fathershawn
Addressed in #3072062: Refactor Authorization Token Flow
Comment #11
fathershawn
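
The renewal behaviour discussed in the issue summary and in comment #9, sketched as an added example; it is not the attached patch and not oauth2_client's own code. The class name, the injected closures and the 30-second skew are hypothetical, and PHP 8 is assumed.

```php
<?php
// Hypothetical helper: caches a client_credentials token and renews it once it expires.
final class ClientCredentialsTokenCache
{
    private ?array $token = null;

    // $requestToken(array $params): array sends $params to the token endpoint.
    // $now(): int returns Unix time. $skew renews slightly early to absorb clock drift.
    public function __construct(
        private \Closure $requestToken,
        private \Closure $now,
        private int $skew = 30
    ) {}

    public function getAccessToken(): string
    {
        if ($this->token === null
            || ($this->now)() >= $this->token['expires_at'] - $this->skew) {
            $this->token = $this->renew();
        }
        return $this->token['access_token'];
    }

    private function renew(): array
    {
        // RFC 6749 section 1.5: refresh tokens are optional; use one if the server issued it.
        $params = isset($this->token['refresh_token'])
            ? ['grant_type' => 'refresh_token', 'refresh_token' => $this->token['refresh_token']]
            : ['grant_type' => 'client_credentials'];
        $response = ($this->requestToken)($params);
        if (!isset($response['access_token'])) {
            throw new RuntimeException('Token endpoint returned no access_token');
        }
        // A missing expires_in is treated as "already expired" so the token is never reused blindly.
        $response['expires_at'] = ($this->now)() + (int) ($response['expires_in'] ?? 0);
        return $response;
    }
}

// Constructed stand-ins for the token endpoint and the clock, so this runs offline.
$clock = 1000;
$issued = 0;
$cache = new ClientCredentialsTokenCache(
    function (array $params) use (&$issued): array {
        $issued++;
        return ['access_token' => "token-$issued", 'expires_in' => 3600];
    },
    function () use (&$clock): int { return $clock; }
);
echo $cache->getAccessToken(), "\n";                 // first call requests a token
$clock += 60;   echo $cache->getAccessToken(), "\n"; // still valid: cached token reused
$clock += 3600; echo $cache->getAccessToken(), "\n"; // past expiry: a new token is requested
```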