Refresh Token Invalid

RyanM244
Rookie

We recently updated our Application and I am getting an odd situation. I had to re-authorize and generate a new Access Token and Refresh Token. I then stored the tokens and started using the new Access Token, and that works fine.

 

However, when the Access Token expires and I try to refresh, I get this message:

{"error":"invalid_grant","error_description":"The refresh token is invalid or expired."}

 

I've looked through other questions and the common suggestion seems to be that another Refresh call may have happened that overrode the Refresh Token I stored.  I don't think this is happening, but I suppose it may be possible somehow. My question to help confirm this is, when the Refresh Token request happens, does it invalidate both the Access Token and the Refresh Token? Because the Access Token I got continues to work for its expected 24 hour lifespan. 

 

Second question - does the "Long Lived Refresh Tokens" feature in the Application settings work? I don't see it mentioned in the documentation, but saw it when I was looking at our Application. But if it does, I would use that option instead. 

 

1 REPLY 1
John__B
Employee
0 Votes

Hello RyanM244,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

Upon reviewing our logs for your keys, I found multiple instances of successful refresh token requests being made and then another refresh token request being made with the previous/expired refresh token, resulting in the “The refresh token is invalid or expired” error response you’ve encountered. It appears that when these successful refresh token requests are being made, the new refresh token is not being stored in your application for the next refresh token request. 

 

When a refresh token is used, it becomes invalid and the new refresh token you received would need to be used for the next refresh request. This does not invalidate the existing/previous access token which will continue to be valid for the duration of its lifespan. 

 

The Long Lived Refresh Tokens option does indeed work. When this option is selected, your refresh tokens would continue to be valid after you exchange them for a new access token. Because the original refresh token will continue to work, you will not receive a new refresh token when you refresh the access token.

 

Please let us know if you have any other questions!

 

Regards,


John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up