I use rotated refresh tokens to get new access tokens. It generally works well, but in some cases, I receive the message ‘refresh token is invalid’ when trying to refresh. I save the expiration date of the token and refresh it every hour before it expires in 5 minutes. I noticed that 3 different clients failed to refresh the token at the same time, even though it worked before. So, this is not a case of token revocation. Also, the integration was created less than a month ago, and the refresh token was not used before, as I can’t see any logs showing the application tried to use the refresh token earlier.
Please help diagnose the reason for this behavior.
Hi Andrii,
Could you please check if there is no other process or thread attempting to regenerate the refresh token?
I am pretty sure that the refresh token was not in use by another process, because in that case I would see duplicated logs, but there was only one log for this integration.
There is also a weird behavior with the expireIn field, which might be the cause. This integration was active the whole day, and the token was refreshed every hour, but then one hour was skipped (even though the service was up and I see logs for other integrations that were refreshed). The token was updated after an hour, and for some reason, I see another log 10 minutes later that fails.
The cron job runs every 5 minutes and checks the expireIn field.
