Forum Discussion

moconnor5's avatar
moconnor5
Adept
10 years ago

Refreshing Access Token Question

In the OAuth2 Flow page am I correct in reading that I need to continually store a new Refresh Token after everytime I refresh the access token?  Is there no way to just use one refresh token for the...
  • PaoloT's avatar
    PaoloT
    10 years ago

    I think what happens here is that when an access token expires, the refresh token is used to obtain a new access token and a new refresh token is issued back to the caller at this point.  This is called "Refresh token rotation" ( see https://tools.ietf.org/html/rfc6749#section-10.4 ).

     

    However I don't have visibility on the internals of our LiQL implementation so it may be best to check with an engineer who would be aware of this implementation detail for LiQL, and see whether my guess is correct :-)

SuzieH's avatar
SuzieH
Khoros Alumni (Retired)

Hi moconnor5 .

The refresh token will not expire. 

 

From the document: "The access token is valid for 24 hours. You can refresh the access token if needed. A refresh token can be issued at any time, but typically not until the access token expires. The refresh token does not expire."

 

Let me know if I'm misundestanding your question.

PaoloT's avatar
PaoloT
Lithium Alumni (Retired)
10 years ago

I think what happens here is that when an access token expires, the refresh token is used to obtain a new access token and a new refresh token is issued back to the caller at this point.  This is called "Refresh token rotation" ( see https://tools.ietf.org/html/rfc6749#section-10.4 ).

 

However I don't have visibility on the internals of our LiQL implementation so it may be best to check with an engineer who would be aware of this implementation detail for LiQL, and see whether my guess is correct :-)