fedora-infra / flask-oidc

OpenID Connect support for Flask

Failing to cycle access token with refresh token #85

Open burritosoftware opened 1 week ago

burritosoftware commented 1 week ago

I use Flask-OIDC to secure internal applications and am using Authentik as my single sign-on provider. My sessions keep expiring after 5 minutes, which is the access token expiry, so I wanted to check what's up. I turned on INFO logging and got this after the access token expired and I tried to access a route protected by @oidc.require_login (sensitive data removed):

INFO:flask_oidc:Could not refresh token {'access_token': '', 'token_type': 'Bearer', 'userinfo': {'acr': 'goauthentik.io/providers/oauth2/default', 'aud': '', 'auth_time': 1719364923, 'exp': 1719368777, 'given_name': 'Burrito', 'groups': ['authentik Admins', 'authentik Notifiers', 'Access - Underground', 'Developers'], 'iat': 1719368477, 'iss': '', 'name': 'Burrito', 'nickname': 'burrito', 'nonce': '', 'preferred_username': 'burrito', 'sub': ''}}: token_invalid:

I have some other OpenID Connect apps that I use through here, and they are able to utilize refresh tokens just fine. I suspect that this issue might be because you might have to refresh the token before the access token expires, but I'm not too sure if that's the case (unfamiliar with this part of the OIDC spec).

Any help appreciated, and I'm also on Discord for much quicker contact if preferred as well. Thanks!
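To make the question in this report concrete, here is an added, stand-alone example (not flask-oidc's or Authlib's code) of the decision a client makes when it holds a token dict like the one in the log above: when an access token is due for refresh, whether a refresh is possible at all (the dict in the log carries no refresh_token key, which is one thing worth checking: without a refresh token the provider never granted offline refresh and there is nothing to cycle), how the refresh grant from RFC 6749 section 6 is formed, and how the response is merged back. The token dict, client id and response below are constructed placeholders, not real credentials.

```python
import time
from urllib.parse import urlencode

# Constructed sample shaped like the token dict in the issue's log line.
# All values are placeholders; a refresh_token key has been added so that the
# refresh path can be demonstrated.
SAMPLE_TOKEN = {
    "access_token": "ACCESS_PLACEHOLDER",
    "refresh_token": "REFRESH_PLACEHOLDER",
    "token_type": "Bearer",
    "userinfo": {"exp": 1719368777, "iat": 1719368477, "preferred_username": "burrito"},
}


def token_expiry(token):
    """Return the access token expiry as a Unix timestamp.

    Prefers an explicit 'expires_at' (what many OAuth clients store); otherwise
    falls back to the 'exp' claim of the ID token claims kept under 'userinfo',
    which is what the log line in the issue shows.
    """
    exp = token.get("expires_at")
    if exp is None:
        exp = token.get("userinfo", {}).get("exp")
    if exp is None:
        raise ValueError("token carries no expiry information")
    return int(exp)


def needs_refresh(token, now=None, leeway=60):
    """True when the access token is expired or within `leeway` seconds of it.

    Refreshing a little early avoids sending a request with a token that expires
    in flight; the refresh token, not the access token, is what must still be valid.
    """
    if now is None:
        now = time.time()
    return token_expiry(token) - leeway <= now


def can_refresh(token):
    """A refresh is only possible if the provider actually issued a refresh token."""
    return bool(token.get("refresh_token"))


def build_refresh_request(token, client_id, client_secret=None):
    """Form-encoded body of an RFC 6749 section 6 refresh_token grant.

    Confidential clients normally authenticate with HTTP Basic instead of
    putting client_secret in the body; it is included here only as the
    alternative the spec permits.
    """
    if not can_refresh(token):
        raise ValueError("no refresh_token present; cannot cycle the access token")
    params = {
        "grant_type": "refresh_token",
        "refresh_token": token["refresh_token"],
        "client_id": client_id,
    }
    if client_secret is not None:
        params["client_secret"] = client_secret
    return urlencode(params)


def apply_refresh_response(old_token, response, now=None):
    """Merge a successful token response (RFC 6749 section 5.1) into the stored token.

    access_token and token_type are required; expires_in is optional; a new
    refresh_token may be issued (rotation) and then replaces the old one.
    """
    if now is None:
        now = time.time()
    if "access_token" not in response or "token_type" not in response:
        raise ValueError("token response missing access_token or token_type")
    new_token = dict(old_token)
    new_token["access_token"] = response["access_token"]
    new_token["token_type"] = response["token_type"]
    if "expires_in" in response:
        new_token["expires_at"] = int(now) + int(response["expires_in"])
    if "refresh_token" in response:
        new_token["refresh_token"] = response["refresh_token"]
    return new_token


if __name__ == "__main__":
    now = SAMPLE_TOKEN["userinfo"]["exp"] + 10  # ten seconds past expiry
    if needs_refresh(SAMPLE_TOKEN, now) and can_refresh(SAMPLE_TOKEN):
        print(build_refresh_request(SAMPLE_TOKEN, "client-id-placeholder"))
```

The example checks the access token's expiry against the current time with a leeway, refuses to attempt a refresh when no refresh token was stored, and keeps the token dict structure from the log so the same checks apply to what flask-oidc would hold in the session.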

abompard commented 3 days ago

In theory you should be able to refresh your access token as long as the refresh token is still valid.

Could you add a raise in the except block at line 203 of __init__.py please? It would be interesting to know what is raising the InvalidTokenError.