----- Error occurrence -----
When you run the call to refresh_token service and the database is DB2, the following error occurs:
{
"error_description": "Error when validating a refresh token",
"error": "invalid_grant"
}
This occurs because the query of constant 'RETRIEVE_ACCESS_TOKEN_VALIDATION_DATA_DB2SQL' in class org.wso2.carbon.identity.oauth2.dao.SQLQueries is wrong.
----- Solution -----
Fix the query to:
SELECT ACCESS_TOKEN,
AUTHZ_USER,
ACCESS_TOKEN_SELECTED.TENANT_ID,
USER_DOMAIN,
TOKEN_SCOPE,
TOKEN_STATE,
REFRESH_TOKEN_TIME_CREATED,
REFRESH_TOKEN_VALIDITY_PERIOD,
ACCESS_TOKEN_SELECTED.TOKEN_ID,
GRANT_TYPE,
SUBJECT_IDENTIFIER
FROM
(SELECT ACCESS_TOKEN,
AUTHZ_USER,
TOKEN_STATE,
REFRESH_TOKEN_TIME_CREATED,
REFRESH_TOKEN_VALIDITY_PERIOD,
TOKEN_ID,
GRANT_TYPE,
SUBJECT_IDENTIFIER,
TENANT_ID,
USER_DOMAIN
FROM $accessTokenStoreTable
WHERE CONSUMER_KEY_ID =
(SELECT ID
FROM IDN_OAUTH_CONSUMER_APPS
WHERE CONSUMER_KEY = ?)
AND REFRESH_TOKEN = ?
ORDER BY TIME_CREATED DESC FETCH FIRST 1 ROWS ONLY) ACCESS_TOKEN_SELECTED
LEFT JOIN IDN_OAUTH2_ACCESS_TOKEN_SCOPE ON ACCESS_TOKEN_SELECTED.TOKEN_ID = IDN_OAUTH2_ACCESS_TOKEN_SCOPE.TOKEN_ID