Refresh token not working.

JenniferS6997 · ‎12-17-2020

I'm having ongoing troubles with refresh tokens. I can refresh as much as I want when testing, but the second the access token actually expires and triggers my app to refresh the tokens, the refresh token fails to work.

This is the message I get back when the access token expires and I attempt to refresh it: {"error_description":"unknown, invalid, or expired refresh token","error":"invalid_grant"}

This is the code (which again, works when testing it):

function constantContactRefreshToken($foundation = false) {
	global $apiAuthentication;

	$clientId = $apiAuthentication['clientId'];
	$clientSecret = $apiAuthentication['clientSecret'];

	$ch = curl_init();

	$refreshToken = get_option('constant_contact_refresh');

	$url = 'https://idfed.constantcontact.com/as/token.oauth2?refresh_token=' . $refreshToken . '&grant_type=refresh_token';
	curl_setopt($ch, CURLOPT_URL, $url);

	curl_setopt($ch, CURLOPT_HTTPHEADER, array(
		'Authorization: Basic ' . base64_encode($clientId . ':' . $clientSecret)
	));

	curl_setopt($ch, CURLOPT_POST, true);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

	$response = curl_exec($ch);

	Logging::log('constantContactRefreshToken', array('response' => $response, 'foundation' => $foundation, 'refreshToken' => $refreshToken));

	curl_close($ch);

	try {
		$response = json_decode($response);

		if ($response->access_token) {
			update_option('constant_contact_access', $response->access_token);
		}
		if ($response->refresh_token) {
			update_option('constant_contact_refresh', $response->refresh_token);
		}

	} catch (Exception $e) {}
}

Am I supposed to be refreshing the token every time I use it? The docs say the refresh token doesn't expire, but it certainly seems like it is.

Courtney_E · ‎04-22-2021

Thank you for reaching out to Constant Contact API Developer Support and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.

To the question at the end of the post, it isn't necessary to refresh the token every time it's used, only if it's expired. The two most common reasons for expired refresh token errors are:

1) When you refresh, you get both a new access token and a new refresh token. If you are able to refresh once, but subsequent refreshes fail, you may not be storing the new refresh token, and the code may be continuing to use the old one.

2) If you are starting the authentication flow over from the beginning, any previously generated tokens are immediately expired; you have to use the most recent set of tokens.

If this doesn't resolve your issue, please feel free to send us an email at webservices@constantcontact.com with your API key and the username of the account you’re connecting to so we can look into it further for you.

Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

Developer Portal

API Updates