Hello
I want to develop an integration with the smartermail API and im testing the authentication and refresh tokens.
Authentication works good but there is no way to make refresh tokens work. Its a clean testing installation of smartermail via docker-compose. Admin, domain and testing user newly created, but:
$ curl -s -X POST hxxp://192.168.100.100:8080/api/v1/auth/authenticate-user -H "Content-Type: application/json" -d '{"username":"test@mydomain.com","password":"mypassword"}'
{"emailAddress":"test@mydomain.com","changePasswordNeeded":false,"passwordExpired":false,"displayWelcomeWizard":true,"isAdmin":false,"isDomainAdmin":false,"isLicensed":true,"isClusterAdmin":false,"autoLoginToken":"","autoLoginUrl":"","localeId":"en","requirements":null,"suppressIdsTick":false,"isImpersonating":false,"canViewPasswords":false,"accessToken":"eyJhbG...CEcQ","refreshToken":"eyJhbGciOiJS...4mIfD4-Dew","accessTokenExpiration":"2026-07-16T10:47:06.9923367Z","refreshTokenExpiration":"2026-09-14T10:32:07.0000397Z","username":"test@mydomain.com","success":true,"resultCode":200}
$ curl -s -X POST hxxp://192.168.100.100:8080/api/v1/auth/refresh-token -H "Content-Type: application/json" -d "{\"token\":\"eyJhbGciOiJS...4mIfD4-Dew\"}"
{"isImpersonating":false,"canViewPasswords":false,"accessToken":"","refreshToken":"","accessTokenExpiration":null,"refreshTokenExpiration":null,"username":null,"success":false,"resultCode":401,"message":"Refresh token not valid"}
I have tried many times, the token is perfectly pasted (if i modify a char it returns signature validation error), i have also used the isWebmailRefresh parameter but no luck, tried two different versions of smartermail... out of ideas.
Can you help me?
Thanks in advance!!