Community Home
Resources
Events & Webinars
Learn
Groups
Product Ideas

Refresh Token Invalid

by in API Developer Support
‎03-31-2022 02:56 PM
1 Kudo
‎03-31-2022 02:56 PM
1 Kudo
We recently updated our Application and I am getting an odd situation. I had to re-authorize and generate a new Access Token and Refresh Token. I then stored the tokens and started using the new Access Token, and that works fine.   However, when the Access Token expires and I try to refresh, I get this message: {"error":"invalid_grant","error_description":"The refresh token is invalid or expired."}   I've looked through other questions and the common suggestion seems to be that another Refresh call may have happened that overrode the Refresh Token I stored.  I don't think this is happening, but I suppose it may be possible somehow. My question to help confirm this is, when the Refresh Token request happens, does it invalidate both the Access Token and the Refresh Token? Because the Access Token I got continues to work for its expected 24 hour lifespan.    Second question - does the "Long Lived Refresh Tokens" feature in the Application settings work? I don't see it mentioned in the documentation, but saw it when I was looking at our Application. But if it does, I would use that option instead.    ... View more

Re: Request forbidden due to insufficient authoriz...

by in API Developer Support
‎09-24-2021 02:22 PM
‎09-24-2021 02:22 PM
Courtney,   We were able to figure it out. When we reset the token manually, the scope was not set correctly in the request so the new one didn't have access, which is what the Insufficient Authorization Scopes message meant.    That is good to know with those possible solutions, we'll take a look at those going forward.   Thanks! ... View more

Request forbidden due to insufficient authorizatio...

by in API Developer Support
‎09-22-2021 10:41 AM
‎09-22-2021 10:41 AM
We upgraded from an old integration to the v3 a couple months ago, and everything was working correctly. I was able to construct a request that gave me an access token and a refresh token, which we then used whenever the auth token expired, and all that worked fine.   Over the weekend, the API started returning an Unauthorized response when we called with a Refresh Token to get a new Auth Token, although nothing had changed in our code or the account settings. I then went in and went through the process to get a Code and from there get a new Refresh Token and Auth Token just to see if that helped. After doing that, a connection to add a contact now returns "Request forbidden due to insufficient authorization scopes." I have tried going to /account/user/privileges via the API and it seems to show all privileges are in place.   Has anyone seen this or have any insight?       ... View more
Latest Tags
No tags yet
Kudos from
View All