Hi, I have noticed that there are some issues with code and token durations:
1. The code I receive with the authorize endpoint does not last forever; if I use the code I received a few days ago, I receive:
“error_description”: “AADB2C90080: The provided grant has expired. Please re-authenticate and try again. Current time: 1547141256, Grant issued time: 1547053093, Grant expiration time: 1547053693\r\nCorrelation ID: 11f50cd6-4315-4731-a4f6-d0a33ab7fd88\r\nTimestamp: 2019-01-10 17:27:36Z\r\n”
This procedure requires a manual login; there is no documentation of any POST endpoint for it.
2. The refresh_token I receive has a validity (2160 hours or 90 days), while the documentation states that it lasts a lifetime.
This creates a big problem: after 90 days I have to manually obtain a new code to get a new refresh_token. Am I missing something?
For the code value, it's normal. This is the first step of the process to get your access_token (you have a limited time to get it for security reasons).
This token is valid for 1 hour; that's why the refresh_token flow is here to refresh it before the expiration. This is the classic OAuth2 process.
I confirm that it is not valid for 90 days but for a lifetime (unless the user disconnects or you change the scopes of your application).
Have a good day,
Leslie – Community Manager
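The flow discussed in this thread, as an added example that is not part of the original posts or the provider's code: it reads the validity window out of the AADB2C90080 message quoted in the question and keeps an access token fresh with the refresh_token grant. `token_call` is a hypothetical callable standing in for a POST to the provider's token endpoint; the response field names are the standard OAuth2 ones.

```python
import re
import time

# error_description text as quoted in the question above
SAMPLE_ERROR = ("AADB2C90080: The provided grant has expired. Please re-authenticate "
                "and try again. Current time: 1547141256, Grant issued time: 1547053093, "
                "Grant expiration time: 1547053693")

def grant_window(error_description):
    """Return (grant_lifetime_seconds, seconds_past_expiry) from the message."""
    m = re.search(r"Current time: (\d+), Grant issued time: (\d+), "
                  r"Grant expiration time: (\d+)", error_description)
    if m is None:
        raise ValueError("not an expired-grant message")
    now, issued, expires = map(int, m.groups())
    return expires - issued, now - expires

class TokenStore:
    """Keeps an access token fresh using the refresh_token grant.

    token_call(grant_type, value) -> dict is hypothetical: it should POST to the
    token endpoint and return the parsed JSON response.
    """
    def __init__(self, token_call, clock=time.time, skew=60):
        self.token_call, self.clock, self.skew = token_call, clock, skew
        self.access_token = self.refresh_token = None
        self.expires_at = 0

    def _store(self, resp):
        if "error" in resp:
            # Expired or revoked grant: only a new interactive login fixes this.
            raise PermissionError(resp.get("error_description", resp["error"]))
        self.access_token = resp["access_token"]
        self.expires_at = self.clock() + int(resp["expires_in"])
        # Persist the newest refresh token if the response carries one.
        self.refresh_token = resp.get("refresh_token", self.refresh_token)

    def redeem_code(self, code):
        """Exchange the short-lived authorization code right after login."""
        self._store(self.token_call("authorization_code", code))

    def get_access_token(self):
        """Return a valid access token, refreshing `skew` seconds before expiry."""
        if self.clock() >= self.expires_at - self.skew:
            self._store(self.token_call("refresh_token", self.refresh_token))
        return self.access_token
```

For the message in the question, `grant_window` shows the code was valid for 600 seconds and was presented 87563 seconds after it expired.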