
Implement oidc token refresh

Performing a token refresh with the oidc-agent client causes an exception on the server and the refresh fails.

The client performs a POST request to https://bwidm.scc.kit.edu/oidc/realms/bwidm/protocol/openid-connect/token with the body grant_type=refresh_token&refresh_token=REDACTED&scope=openid profile offline_access. The server answers with a 500 status code and the HTML output states that an unhandled exception occurred:

org.jboss.resteasy.spi.UnhandledException: edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException: unknown flow state

The request seems to comply with the OpenID Connect spec.

This issue also arises when attempting to get an OpenID Connect ID Token with oidc-token --id-token, because this command always performs a refresh.
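The exchange described above, as an added example that is not part of oidc-agent or the bwidm server: it builds the refresh_token grant exactly as the client sends it and classifies the token endpoint's answer, so that a non-JSON 500 page is reported together with the exception text on it rather than as a bare "could not parse json". The endpoint URL is the one quoted in this report; the client id is the one used below in the reproduction steps; the secret, refresh token and the two sample responses are constructed placeholders.

```python
"""Added example (not oidc-agent's code): build an OIDC refresh_token grant
and classify the token endpoint's answer so that a non-JSON 500 page is
reported with its cause instead of a bare 'could not parse json'.
Endpoint URL is the one quoted in the report; client secret, refresh token
and the sample responses below are constructed placeholders."""
import json
import re
from dataclasses import dataclass, field
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_ENDPOINT = ("https://bwidm.scc.kit.edu/oidc/realms/bwidm/"
                  "protocol/openid-connect/token")


def build_refresh_request(refresh_token, scopes, client_id, client_secret,
                          token_endpoint=TOKEN_ENDPOINT):
    """Form-encoded POST for the refresh_token grant (RFC 6749 section 6).

    Client credentials go in the body here; HTTP Basic auth is the other
    standard option and the identity provider decides which it accepts.
    """
    body = urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "scope": " ".join(scopes),
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return Request(token_endpoint, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })


@dataclass
class TokenResult:
    ok: bool
    status: int
    error: str = ""
    description: str = ""
    tokens: dict = field(default_factory=dict)


def classify_token_response(status, content_type, body):
    """Turn (status, Content-Type, raw body) from the token endpoint into a TokenResult.

    A JSON body is read as RFC 6749 section 5.1/5.2 (access_token or error).
    Anything else (for example an HTML 500 page) is reported with the first
    line containing 'Exception' from the tag-stripped text, so the operator
    sees the server-side cause instead of only a parse failure.
    """
    text = body.decode("utf-8", errors="replace")
    if "json" in content_type.lower():
        try:
            data = json.loads(text)
        except ValueError:
            return TokenResult(False, status, "invalid_response", "body is not valid JSON")
        if status == 200 and "access_token" in data:
            return TokenResult(True, status, tokens=data)
        return TokenResult(False, status, data.get("error", "unknown_error"),
                           data.get("error_description", ""))
    plain = re.sub(r"<[^>]+>", "\n", text)  # crude tag stripping for error pages
    lines = [ln.strip() for ln in plain.splitlines() if ln.strip()]
    detail = next((ln for ln in lines if "Exception" in ln), lines[0] if lines else "")
    return TokenResult(False, status, "non_json_response", detail[:200])


# Constructed sample answers: one success, one modelled on the 500 page in the report.
SAMPLE_SUCCESS = (200, "application/json", json.dumps({
    "access_token": "placeholder-at", "token_type": "Bearer", "expires_in": 300,
    "refresh_token": "placeholder-rt", "id_token": "placeholder-idt",
}).encode())
SAMPLE_HTML_500 = (500, "text/html;charset=UTF-8", b"""<html><head><title>Error</title></head>
<body><h1>HTTP Status 500 - Internal Server Error</h1>
<p>org.jboss.resteasy.spi.UnhandledException: edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException: unknown flow state</p>
</body></html>""")


if __name__ == "__main__":
    req = build_refresh_request("placeholder-rt", ["openid", "profile", "offline_access"],
                                "lsdf_test_client", "placeholder-secret")
    print(req.get_method(), req.full_url, req.data.decode())
    for sample in (SAMPLE_SUCCESS, SAMPLE_HTML_500):
        print(classify_token_response(*sample))
```

Run against the real endpoint, the request object can be handed to urllib.request.urlopen and the three values for classify_token_response taken from the HTTPError or response object; the classification keeps the distinction between a proper OAuth error (invalid_grant and friends, which the client should act on) and a server fault (non-JSON 500), which is what the "could not parse json" message in the reproduction below hides.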

Steps for reproduction

Start oidc-agent with debug logging

$ oidc-agent --console --debug --log-stderr
OIDC_SOCK=/tmp/oidc-GRmy6a/oidc-agent.343766; export OIDC_SOCK;
OIDCD_PID=395343; export OIDCD_PID;
echo Agent pid $OIDCD_PID
2022-01-27 14:44:19 oidc-agent.p DEBUG: ...

In another terminal, copy-paste the oidc-agent environment variables, and register an account "bwidm" (requires a registered client). Then, force a reissue which attempts to perform a refresh.

$ OIDC_SOCK=/tmp/oidc-GRmy6a/oidc-agent.343766; export OIDC_SOCK;
$ OIDCD_PID=395343; export OIDCD_PID;
$ oidc-gen bwidm --client-id lsdf_test_client --client-secret REDACTED --issuer https://bwidm.scc.kit.edu/oidc/realms/bwidm/ --redirect-uri http://localhost:9987/biwdm.scc.kit.edu
# ... Now confirm scopes and log in via web browser
$ oidc-token --force-new bwidm
Error: could not parse json

The debug output is written to the terminal where oidc-agent is running.

/cc @simon

Edited by Michael Simon