App tokens can't be refreshed
Pleroma supports refreshing tokens.
However, it seems it can only work with user tokens. Submitting an app token for refresh:
Looking at the code it seems to try pulling a user out of the token, which would be empty in the case of an app token.
@doc "Renew access_token with refresh_token"
def token_exchange(
%Plug.Conn{} = conn,
%{"grant_type" => "refresh_token", "refresh_token" => token} = _params
) do
with {:ok, app} <- Token.Utils.fetch_app(conn),
# LOOK HERE
{:ok, %{user: user} = token} <- Token.get_by_refresh_token(app, token),
{:ok, token} <- RefreshToken.grant(token) do
response_attrs = %{created_at: Token.Utils.format_created_at(token)}
json(conn, Token.Response.build(user, token, response_attrs))
else
_error -> render_invalid_credentials_error(conn)
end
end
EDIT: To be clear I'm talking about access tokens here, not client credentials. If clean_expired_tokens: true
in Pleroma config it will cause them to expire like any other token, so it would be good if there were a way to refresh them.
Edited by Alex Gleason