Refresh token issued before the client session started

dasniko · April 28, 2025, 6:31am

Hi,

I’m encountering a strange behavior and I don’t know where it might come from. I’m not primarily looking for a technical explanation, but I want to know why this might happen:

During a refresh_token grant, I get the error message invalid_token and the detail message refresh token issued before the client session started. This is coming from the TokenManager.validateToken(...) method. So far, this is clear to me.
But how can this functionally happen? Might this be an error from the client implementation?

Yet, I have never encountered this error, only in one environment, this occasionally happens. And I don’t know why.
Only SSO session idle/max are configured, no deviating client session times, not globally, not in the specific client.

Has anybody any ideas about this? Any solution approaches?

Thanks
- Niko

Topic		Replies	Views
[invalid_grant] Session doesn't have required client Configuring the server authentication , oidc	0	576	February 29, 2024
Am I Misunderstanding Idle Sessions? Securing applications	0	152	December 8, 2023
Unable to refresh exchanged token Getting advice	2	2102	April 12, 2022
Refresh_token_error Getting advice	1	3148	November 9, 2022
Refresh token expiration time does not renew on usage Configuring the server token-exchange	1	4387	February 20, 2024

Refresh token issued before the client session started

Related topics