Forum Discussion

HuttropFatty's avatar
HuttropFatty
Contributor
6 years ago

generated OAuth acces_token expires after 24 hours

hello, The complete OAuth 2.0 authorization grant flow could be performed without errors. Step 1: Receive authorization code and tenant ID Step 2: With https://community.xxxxxx.xxx/api/2.0/auth/va...
  • AdamN's avatar
    AdamN
    6 years ago

    Hi HuttropFatty ,

    This is by design. Per https://developer.khoros.com/khoroscommunitydevdocs/docs/oauth-authorization-grant :

    The access token is valid for 24 hours. Refresh the access token before the access token expires. The refresh token does not expire unless it is specifically revoked.

    You may wish to add some retry logic to your implementation. If you get a response back that the access token has expired, you can make a call to the refresh token endpoint and get a new access token. Then you can retry your original request again.

    Alternately, you could just add some logic to periodically obtain a new access token on some interval less than 24 hours.

    I hope this helps!

AdamN's avatar
AdamN
Khoros Oracle

Hi HuttropFatty ,

This is by design. Per https://developer.khoros.com/khoroscommunitydevdocs/docs/oauth-authorization-grant :

The access token is valid for 24 hours. Refresh the access token before the access token expires. The refresh token does not expire unless it is specifically revoked.

You may wish to add some retry logic to your implementation. If you get a response back that the access token has expired, you can make a call to the refresh token endpoint and get a new access token. Then you can retry your original request again.

Alternately, you could just add some logic to periodically obtain a new access token on some interval less than 24 hours.

I hope this helps!

HuttropFatty's avatar
HuttropFatty
Contributor
6 years ago

Hi, AdamN,

thanks for your feedback. Then I will adjust my code accordingly and check the API feedback for expired tokens.