Hi, I've been trying to test authorization, and making sure my application refreshes the access token as described in OAuth2 Authorization Code Flow at this link here: https://v3.developer.constantcontact.com/api_guide/server_flow.html
I am testing, and trying to refresh my access token as described in step 8, but am sending my request "early" (before waiting for the access token to expire), and am getting the same access token back in the response. Is this expected behavior? I was expecting a different access token each time.
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
After taking a look at our logs for the key in use with your account, itI’m seeing that your attempts to refresh the token set are failing due an invalid refresh token being used (response:invalid_refresh_token), which is likely why you are not generating a new token value.
It looks like your key is using a Long Lived Refresh Token, so here are some things to double check:
-In step 8, the refresh token should remain the same in the response code as it was in your request, while a new access token should be generated. If you are saving these as variables, I’d check to make sure that the right values are being assigned to the right variables within your application.
-Each time you complete steps 1-4 of the OAuth2 Authorization Code Flow to connect a specific account (go through the whole flow again from the beginning), a new Refresh Token is assigned for that account’s authenticated connection and the old refresh token becomes invalidated.
You can also send us your example request/response code securely by email at firstname.lastname@example.org if you’d like us to look into this further with you.
Please have a look and let us know if you have any other questions!