Get new refresh token
Hi !
Recently we ran into the "API auth error: Sorry, your OAuth grant has expired." issue. After reading the related topics on this forum I tried to implement the fix (store the new refresh token when given) but I'm not sure if it solved the problem.
Therefore I still have some questions.
When a user grants access to an App, the grant is unlimited in time. Correct?
refresh tokens expire in 28 days, but before this expiration date Podio sends a new refresh token. Yes? a. Is it sent when a new oAuth token is requested, or at a random Podio API execution? b. How much time before the expiration will Podio provide us with a new refresh token. Or put differently: when I request a new oAuth token, will it pass the new refresh token 2 days, 1 day, 4 hours before the current refresh token expires?
-
Hi Vijay,
Please have a look at the section "Refreshing Expired Tokens" in the Podio Authentication documentation. When you get your access token, you also get a refresh token and the
expires_inproperty shows the number of seconds until the access token expires. You should use the refresh token to renew your access token prior to expiration. If you're using an SDK, it may have auto-refreshing of access tokens (e.g. podio-rb).Best,
Andreas -
Hi Andreas !
I think you getting the context wrong. I am talking about getting new refresh_token not getting new access_token. Refresh_token get expire every 28 days. Before the refresh token expires Podio return a new refresh token when refreshing the access token as per this discussion :-
But here "before the refresh token expires" is not clear. when exactly(exactly after 28 days or before it) Podio return new refresh_token i.e. when I need to refresh access_token so that I can get new refresh_token.
-
It is not returning new refresh_token. This is my old Podio credential :-
{
"access_token" : "59ba9ca410f84a3f877993ea493a7439",
"token_type" : "bearer",
"ref" : {
"type" : "user",
"id" : 2718133
},
"expires_in" : 28800,
"refresh_token" : "e0cfb0b3c57e42d38ad97807c3de4d9e"
}After refreshing access_token, I got :-
{
"access_token": "ed1ddb0d7d7b4cdbb038173334923999",
"token_type": "bearer",
"ref": {
"type": "user",
"id": 2718133
},
"expires_in": 28800,
"refresh_token": "e0cfb0b3c57e42d38ad97807c3de4d9e"
}You can clearly see refresh_token remain same. Please let me know how to get new refresh_token. It's urgent. Our app is being used by customers.
-
You should just continue using the
refresh_tokenreturned in the response. The validity of the refresh token is extended as part of the refresh call.Unless you're implementing something with strict latency requirements, I would recommend to just use the approach from podio-rb, i.e. if you get a token expired error, perform a refresh call and perform the same request again with the new access token.
-
sometimes while refreshing access_token, I am experiencing this error :-
{
"error_parameters": {},
"error_detail": "oauth.refresh_token.invalid",
"error_propagate": true,
"request": {
"url": "http://api.podio.com/oauth/token",
"query_string": "grant_type=refresh_token&client_id=xero-podio&client_secret=k7WFxo5Z9X02dgM2vV5rrXi0vT8VzxtQEHqDkgl5gVfdTOWMOsxWDCRKptcnCUVM&refresh_token=a557674b3fbe45c18afc0123b1ede92c",
"method": "POST"
},
"error_description": "Sorry, your refresh token is invalid.",
"error": "invalid_grant"
}what is needed to do to avoid this error ?
-
Mostly our app use this endPoint to create new items :-
https://developers.podio.com/doc/items/add-new-item-22362In between if access_token get expire, we use refresh_token to refresh access_token as per this page :-
https://developers.podio.com/authenticationsometimes it is unable to use refresh_token and throw above mentioned error.
-
I've looked up the refresh token from your request and it doesn't exist in the database. To investigate why this is the case, I need to a lot more detail to look further into this, preferably the HTTP requests and responses. Otherwise I would ask you to ensure that you're passing in the correct
refresh_tokenwhen refreshing the access token. -
Looks like their implementation of refresh token flow does not return new refresh token with every refresh of an access token. I had same problem with my app where it was not generating new refresh token every time when I tried to get a new access token using refresh token. According to OAuth specification it is optional to return new refresh token:
(H) The authorization server authenticates the client and validates
the refresh token, and if valid, issues a new access token (and,
optionally, a new refresh token). (https://tools.ietf.org/html/rfc6749#section-1.5)I had to specifically specify to invalidate refresh token once it was used to generate an access token and return new refresh token along with the new access token.
Hopefully this will help you and Podio to resolve this
-
Support give me that's link to stackowerflow: https://stackoverflow.com/questions/41739817/podio-oauth-refresh-token-lifespan
The refresh token can expire if unused for longer than 28 days. Each time you use the refresh token to request a new access token, the timer resets and you have another 28 days before the refresh token expires. If you regularly obtain new access tokens within the 28-day period you can hypothetically use the same refresh token indefinitely.
-
Hi Artem,
I kindly request you to visit the below link:-
https://stackoverflow.com/questions/41739817/podio-oauth-refresh-token-lifespan
Thank you,
Darshan//Podio
Please sign in to leave a comment.
Comments
16 comments