refresh_token expire
Hi, I have noticed that there are some issues with code and token durations:
1. The code I receive with the authorize endpoint does not last forever; if I use a code I received a few days ago, I receive:
{
  "error": "invalid_grant",
  "error_description": "AADB2C90080: The provided grant has expired. Please re-authenticate and try again. Current time: 1547141256, Grant issued time: 1547053093, Grant expiration time: 1547053693\r\nCorrelation ID: 11f50cd6-4315-4731-a4f6-d0a33ab7fd88\r\nTimestamp: 2019-01-10 17:27:36Z\r\n"
}
This procedure requires a manual login; there is no documentation of any POST endpoint for it.
2. The refresh_token I receive has a validity (2160 hours or 90 days), while the documentation states that it lasts a lifetime:
{
  "access_token": "XYZ",
  "id_token": "QWERT",
  "token_type": "Bearer",
  "not_before": 1547142188,
  "expires_in": 3600,
  "expires_on": 1547145788,
  "resource": "KLM",
  "id_token_expires_in": 3600,
  "profile_info": "XYZRD",
  "refresh_token": "KLMNZ",
  "refresh_token_expires_in": 7776000
}
This creates a big problem: after 90 days I have to manually obtain a new code to get a new refresh_token. Am I missing something?
Hello Dario,
For the code value, it's normal. This is the first step of the process to get your access_token (you have a limited time to get it for security reasons).
This token is valid for 1 hour; that's why the refresh_token flow is here, to refresh it before the expiration. This is the classic OAuth2 process.
I confirm that it is not valid 90 days but lifetime (unless the user disconnects or you change the scopes of your application).
Have a good day,
Leslie – Community Manager
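Added example, not part of the original thread or of the API's own code: a Python helper that reads the timing fields out of the AADB2C90080 message and the token response quoted in the first post, so a client can log how long a grant was valid and which step it needs next. It assumes `not_before` marks the issue time; `skew` and the returned action names are hypothetical, and the last function only reports what the response states, not whether the server enforces it.

```python
import re

# error_description copied from the first post (quotes normalised to ASCII).
ERROR_DESCRIPTION = (
    "AADB2C90080: The provided grant has expired. Please re-authenticate and "
    "try again. Current time: 1547141256, Grant issued time: 1547053093, "
    "Grant expiration time: 1547053693\r\nCorrelation ID: "
    "11f50cd6-4315-4731-a4f6-d0a33ab7fd88\r\nTimestamp: 2019-01-10 17:27:36Z\r\n"
)

# Timing fields of the token response copied from the first post.
TOKEN_RESPONSE = {
    "not_before": 1547142188,
    "expires_in": 3600,
    "expires_on": 1547145788,
    "refresh_token_expires_in": 7776000,
}

_FIELD = re.compile(r"(Current time|Grant issued time|Grant expiration time): (\d+)")
_REQUIRED = {"Current time", "Grant issued time", "Grant expiration time"}


def grant_window(description):
    """Return (grant lifetime, seconds past expiry) from an AADB2C90080 message."""
    times = {name: int(value) for name, value in _FIELD.findall(description)}
    missing = _REQUIRED - times.keys()
    if missing:
        raise ValueError(f"fields not found: {sorted(missing)}")
    lifetime = times["Grant expiration time"] - times["Grant issued time"]
    overdue = times["Current time"] - times["Grant expiration time"]
    return lifetime, overdue


def token_deadlines(resp):
    """Absolute epoch expiry of the access token and of the refresh token."""
    issued = resp["not_before"]  # assumption: not_before is the issue time
    access_exp = resp.get("expires_on", issued + resp["expires_in"])
    refresh_in = resp.get("refresh_token_expires_in")
    return access_exp, (None if refresh_in is None else issued + refresh_in)


def next_action(resp, now, skew=300):
    """Step a client needs at epoch time `now`, per the fields the response reports."""
    access_exp, refresh_exp = token_deadlines(resp)
    if now < access_exp - skew:
        return "use_access_token"
    if refresh_exp is None or now < refresh_exp:
        return "refresh"
    return "reauthorize"
```
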