Yaak Logo
Yaak
Feedback/Token not refreshed using oauth2

Token not refreshed using oauth2

sonnius ·a year ago
ReleasedBug

When I use oauth2 the token does not refresh, peeking at the plugin code I believe this should already be implemented.

I use an application that embeds keycloak (version 25.0.6) for oauth2, I get a token response if the current token is empty/removed. Once the token times out Yaak does not try and refresh it and I need to manually remove the token to generate a new one.

Config:

Access Token Response (redacted):

{

"access_token": "<redacted>",

"expires_in": 300,

"refresh_expires_in": 1800,

"refresh_token": "<redacted>",

"token_type": "Bearer",

"id_token": "<redacted>",

"not-before-policy": 0,

"session_state": "c1416f1d-6f6e-475d-b702-63e3c8790547",

"scope": "openid profile email"

}

Response after token expiration:

Mac2025.1.2

Comments (9)

Sign in to leave a comment.

Gregory SchierReleased to BetaFeatured
Gregory Schier

Thanks for the report! The expiry calculation was mistakenly comparing a regular unix timestamp (seconds) to a JS timestamp (milliseconds).

sonnius OP

Thanks Greg, with this change the token gets refreshed without issues.

Gregory Schier

https://yaak.app/blog/2025.2.0-beta.1

Gregory Schier
henrikhenrikpersson

Hi!

I think I am experiencing the same issue, on Yaak version 2026.4.0.

I have a workspace using OAuth 2, and endpoints that inherit auth from parent. image

I have an expired JWT that seems to be stuck. I have deleted the token from the workspace auth settings, and when i click “Copy current token” I get a “No token to copy” message.

However when I send a request that uses parent auth, I can see in the request headers that the deleted JWT is still used.

I looked around in Yaaks db.sqlite, found this in the plugin_key_values table which might be related?

{
  "response": {
    "access_token": "{old-jwt}",
    "token_type":"Bearer"
  },
  "expiresAt":null
}

Decoding the JWT shows that the token is expired:

{
  ...
  "exp": 1782999453 // July 2nd 2026, 13:37:33 UTC (unix timestamp)
  ...
}

Deleting that row from the database fixes the issue, but I assume that the new JWT will eventually get stuck as well.

Gregory Schier
henrikhenrikpersson

Awesome! Thanks for building a great client!

Gregory Schier

You’re welcome!

Type to search feedback...