I understand OAuth2.0 apps will not be able to enable or generate persistent refresh tokens after 2021-11-01. Will existing persistent refresh tokens generated before 2021-11-01 continue to work as persistent refresh tokens after the 2021-11-01 cutoff date? If not, when will their new expiration date be (immediate, 2021-12-01, ?)?
I was able to find these references:
Based on what those two describe, my assumption is that persistent refresh tokens will convert into rotating refresh tokens, but it feels important to confirm the details around this.
Thanks
1 Like
Based on my own testing, my assumption is:
- Existing persistent refresh tokens generated before 2021-11-01 will not continue to work as persistent refresh tokens after 2021-11-01.
- Existing persistent refresh tokens generated before 2021-11-01 will expire immediately on 2021-11-01.
These observations were made from testing what happens when I flip the persistent/rotating toggle back and forth in the OAuth config UI while trying various OAuth and API operations. I of course can’t know for sure if this exact behavior will be mirrored at the 2021-11-01 transition point.
We work with a lot of partners who configure their own OAuth apps. I have been disappointed to discover how much of our knowledge, guidance, and preparation around this transition has been left up to guesswork.