The access token expire or not?

25 February 2019 at 21 h 57 min

Dear Leslie,
in my first question you told me that the access token never expire not in 90 days.
Yesterday my access token expired.

{ error: ‘invalid_grant’,
error_description: ‘AADB2C90080: The provided grant has expired. Please re-authenticate and try again. Current time: 1551127748, Grant issued time: 1543264900, Grant ex piration time: 1551040900\r\nCorrelation ID: 3a8b1c46-xxxxxxxxxxxxxxxxxxa\r\nTimestamp: 2019-02-25 20:49:08Z\r\n’ }

What’s the situation?
I have to redoo the connection flow?
Let me know before I restart the oAuth2 flow.
Bye
Sandro

Leslie – Community Manager

26 February 2019 at 10 h 32 min

Hello Sandro,

I have 2 questions :
– Did you put in place the refresh_token flow as described in the tutorial ?
– If yes, you did it exactly 90 days ago ?

Have a good day,
Leslie – Community Manager

Sdomotica

26 February 2019 at 11 h 05 min

Hi Leslie,
I saved the access token on Monday 26 November 2018 20:41:40 (lease look on our emails on 21/11/2018 when I asked about 90 days expiring).
I used this access token to refresh token until today, without change it.
After 90 days this first token expired, differently form what you indicate and wrote me.
Did have I to replace the stored access token with newest received when ask the refresh token?
Bye
Sandro

Leslie – Community Manager

26 February 2019 at 15 h 14 min

Hello Sandro,

You are right, it is supposed to be lifetime but it expires 90 days after.
We look at it with the Cloud team. I’ll let you know as soon as I have more information.

Have a good day,
Leslie – Community Manager

Leslie – Community Manager

27 February 2019 at 12 h 00 min

Hello Sandro,

I have more information. The process is OK but I will update the tutorial in order to be more precise :

When you do a POST request you retrieve an access_token (valid 1 hour) and a refresh_token (valid 7776000 seconds, so 90 days). Your access_token has to be refreshed each hour with the refresh_token code in order to be valid.
But each time you make your POST request, your access_token changes AND your refresh_token changes too. So each hour you retrieve a new refresh_token with a 90 days lifetime.
If you use the first refresh_token you retreived from your very first request and never update it, each 90 days you will have to renew this Oauth2 authentication process.
So you have to use the new generated refresh_token code if you want your grant access to be valid forever (in fact, each hour you get a new access right for 90 days).

Hoping it’s more clear for you 😉

Have a good day,
Leslie – Community Manager