Forum Discussion

HuttropFatty's avatar
HuttropFatty
Contributor
6 years ago

generated OAuth acces_token expires after 24 hours

hello,

The complete OAuth 2.0 authorization grant flow could be performed without errors.
Step 1: Receive authorization code and tenant ID
Step 2: With https://community.xxxxxx.xxx/api/2.0/auth/validateToken and the required header and body parameters access_token, refresh_token and user-id were returned.
Step 3: https://community.xxxxxx.xxx/api/2.0/auth/refreshToken provided a new acces_token with which I can also perform LIQL queries.
However, the acces_token expires after 24 hours, so i have to call https://community.xxxxxx.xxx/api/2.0/auth/refreshToken again.
Where is the error?

  • Hi HuttropFatty ,

    This is by design. Per https://developer.khoros.com/khoroscommunitydevdocs/docs/oauth-authorization-grant :

    The access token is valid for 24 hours. Refresh the access token before the access token expires. The refresh token does not expire unless it is specifically revoked.

    You may wish to add some retry logic to your implementation. If you get a response back that the access token has expired, you can make a call to the refresh token endpoint and get a new access token. Then you can retry your original request again.

    Alternately, you could just add some logic to periodically obtain a new access token on some interval less than 24 hours.

    I hope this helps!

  • AdamN's avatar
    AdamN
    Khoros Oracle

    Hi HuttropFatty ,

    This is by design. Per https://developer.khoros.com/khoroscommunitydevdocs/docs/oauth-authorization-grant :

    The access token is valid for 24 hours. Refresh the access token before the access token expires. The refresh token does not expire unless it is specifically revoked.

    You may wish to add some retry logic to your implementation. If you get a response back that the access token has expired, you can make a call to the refresh token endpoint and get a new access token. Then you can retry your original request again.

    Alternately, you could just add some logic to periodically obtain a new access token on some interval less than 24 hours.

    I hope this helps!

    • HuttropFatty's avatar
      HuttropFatty
      Contributor

      Hi, AdamN,

      thanks for your feedback. Then I will adjust my code accordingly and check the API feedback for expired tokens.