Product: TIBCO Spotfire®
User unable to authenticate via TIBCO Spotfire Analyst with error "Could not authenticate with server to get tokens (invalid_grant): The refresh token was not found or has expired." exception
A red error message appears: 'An error occurred while logging in' as soon as the 'Log In' button is clicked. When clicking on 'More information' -> 'Details' you may see the following error:
Error message: The session has expired.
AuthenticationException at Spotfire.Dxp.Loader:
Could not authenticate with server to get tokens (invalid_grant): The refresh token was not found or has expired. (HRESULT: 80131501)
at Spotfire.Dxp.Loader.LoginHandler.OAuth2LoginUsingRefreshToken(ServerInformation chosenServer, SpotfireOAuth2Identity oAuth2Identity, Boolean usePersistentRefreshTokens)
at Spotfire.Dxp.Loader.LoginControl.OkButtonClick(Object sender, EventArgs e)
WebException at Spotfire.Dxp.Framework:
The remote server returned an error: (400) Bad Request . (HRESULT: 80131509)
at Spotfire.Dxp.Framework.HttpClient.NativeWebResponse..ctor(NativeHttpClient httpClient, NativeWebRequest request)
at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.TryExecuteTokenRequest(WebRequest tokenRequest, Boolean getRefreshToken, Boolean isPasswordRequest, String& authToken, String& refreshToken, Exception& error)
Previously when a user selected "Save my login information" the TIBCO Spotfire Analyst client would save the actual username and password. Since 10.2.0 the Spotfire Server will instead issue a refresh token that the Analyst saves and uses to authenticate later on. This is more secure since the actual password doesn't need to be stored, and since the refresh token can easily be revoked without the user having to change password. Such a refresh token is (by default) valid for 30 days, after which the user will have to log in again.
If a refresh token has expired then the user will get "Could not authenticate with server to get tokens (invalid_grant): The refresh token was not found or has expired." To resolve, re-authenticate to the TIBCO Spotfire Server again.