Authorisation


Hi Andrew,

Thank you for your question.

What makes you believe the refresh_token has expired before 31 days please?

The token is invalid for one of three reasons:

1 - It has expired
2 - The user has revoked access
3 - The refresh token has been used before

In the majority of cases, it is generally reason three that is the cause, especially with apps using async calls to refresh the token. The scenario would usually be:

The connected app sends a request to exchange the current request token for a new set of tokens in an async call. During the exchange, another request from the user is made; you detect that the current access token is expired and then send a second request to exchange the refresh token that is still being processed in the original request.

What are you doing to ensure this cannot occur? For example, if the tokens are stored in a DB table, do you lock the table until the request has finished executing?

Thanks

Mark
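The race described in the post above, reproduced as an added example that is not part of the original post or the provider's code: concurrent callers exchange the same single-use refresh token, first without and then with a guard around the refresh. `FakeAuthServer`, `TokenStore`, `run` and the token values are constructed for illustration, and the in-process lock stands in for the DB lock the post mentions; an app running several processes would need the lock in the shared store instead.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor

class FakeAuthServer:
    """Constructed stand-in for the provider: each refresh token works once."""
    def __init__(self):
        self._lock = threading.Lock()
        self._valid, self._n, self.rejected = "rt-0", 0, 0

    def exchange(self, refresh_token):
        time.sleep(0.05)  # simulated network latency of the exchange
        with self._lock:
            if refresh_token != self._valid:
                self.rejected += 1  # reason three: token has been used before
                raise PermissionError("invalid_grant")
            self._n += 1
            self._valid = f"rt-{self._n}"
            return {"access_token": f"at-{self._n}", "refresh_token": self._valid,
                    "expires_at": time.monotonic() + 1800}

class TokenStore:
    """Client-side token holder; serialise=True enables the single-flight guard."""
    def __init__(self, server, serialise):
        self.server = server
        self.tokens = {"access_token": "at-0", "refresh_token": "rt-0", "expires_at": 0.0}
        self._lock = threading.Lock() if serialise else None

    def access_token(self):
        if self.tokens["expires_at"] <= time.monotonic():
            if self._lock is None:  # racy: every concurrent caller exchanges rt-0
                self.tokens = self.server.exchange(self.tokens["refresh_token"])
            else:
                with self._lock:
                    # Re-check under the lock: an earlier caller may have refreshed.
                    if self.tokens["expires_at"] <= time.monotonic():
                        self.tokens = self.server.exchange(self.tokens["refresh_token"])
        return self.tokens["access_token"]

def run(serialise, callers=5):
    store, barrier = TokenStore(FakeAuthServer(), serialise), threading.Barrier(callers)
    def call(_):
        barrier.wait()  # release all callers at once to force the overlap
        try:
            return store.access_token()
        except PermissionError:
            return None
    with ThreadPoolExecutor(callers) as pool:
        results = list(pool.map(call, range(callers)))
    return store.server.rejected, results
```

`run(serialise=False)` returns a non-zero rejection count with `None` for the callers that lost the race, while `run(serialise=True)` returns zero rejections and the same new access token for every caller.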
