Previous OAuth2 Access Token is Expiring After Reinstalling

  • 29 November 2021

The refresh token expires after reinstalling the app via OAuth2. We have not even selected the option 'Expire user authorization token'. Only the latest access token works, and all the previous tokens have expired. How can this be fixed?


Hi @Pabbly 

If you have not selected 'Expire user authorization token' you should not have a refresh token. 
When you say ‘just the latest access token is working and all the other previous tokens expired’ do you mean all your users’ access tokens expired? 

At a given time, a user can have only one access token that represents the access allowed by a user for a specific app in a specific team. For example, suppose you are building an application named “Pabbly’s app” and you give me access to this app. As a user, I will install this app and authorize it in my team “Anthony’s team”. I will go through the OAuth2 process you have implemented and you will get an access_token that will give you the right to make API calls in my name to perform actions in “Anthony’s team”. This access token works only for me (Anthony) coming from the app “Pabbly’s app” in the team “Anthony’s team”. If you make me go through the process to generate a new access token for that app in the same team, it will invalidate the previous access token and create a new one.

If you use the app setting to manually generate an access token for testing purposes, it does exactly the same thing as described above for you as a user.

Now we have created a new app with 'Expire user authorization token' selected, as shown below in the screenshot, and it is still not working.

We tested OAuth2, and after clicking on 'Install & Authorize' we generated a refresh token and an access token. After some time, we reauthorized the app by clicking on 'Reinstall' and generated the refresh token and access token again.

We then tested the first refresh token, which is not working and did not create a new access token.

Only the second refresh token is working.

Most OAuth2 apps do not invalidate a refresh token until it is used.

Let us know how we can find a workaround for this. We wish to have both refresh tokens working.

Hi @Pabbly,

As Anthony mentioned, a user can only have 1 auth token at any given time. If you reinstall the app, you will get a new token, and the old one will be invalid. 

How are you using the access token after one is generated? If you can provide a bit more context on how you have this set up, I’m more than happy to look into this with you!
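
The one-grant-per-(user, app, team) behaviour described in the replies above, as an added example that is not part of the thread and not the platform's own code. `AuthServerModel`, `GrantStore`, the key values and the rotation on refresh are assumptions made for illustration; the point is that the integration keeps a single shared record per (user, app, team) and overwrites it on re-authorization.

```python
import secrets

class AuthServerModel:
    """Constructed model: one live grant per (user, app, team), as the replies describe."""
    def __init__(self):
        self._grants = {}  # (user, app, team) -> current token pair

    def authorize(self, user, app, team):
        pair = {"access_token": secrets.token_urlsafe(16),
                "refresh_token": secrets.token_urlsafe(16)}
        self._grants[(user, app, team)] = pair  # the previous pair is discarded
        return dict(pair)

    def refresh(self, refresh_token):
        for key, pair in list(self._grants.items()):
            if secrets.compare_digest(pair["refresh_token"], refresh_token):
                return self.authorize(*key)  # assumption: refresh rotates the pair
        raise PermissionError("invalid_grant")  # superseded or unknown token

class GrantStore:
    """Integration side: one shared record per (user, app, team), not one per workflow."""
    def __init__(self, server):
        self._server = server
        self._pairs = {}

    def on_authorized(self, key, pair):
        self._pairs[key] = pair  # overwrite: the older pair is dead server-side

    def refreshed_access_token(self, key):
        try:
            self._pairs[key] = self._server.refresh(self._pairs[key]["refresh_token"])
        except PermissionError:
            del self._pairs[key]  # stop retrying; the user must re-authorize
            raise
        return self._pairs[key]["access_token"]

def demo():
    server, key = AuthServerModel(), ("anthony", "pabbly-app", "anthony-team")
    first = server.authorize(*key)   # 'Install & Authorize'
    second = server.authorize(*key)  # 'Reinstall' replaces the first pair
    store = GrantStore(server)
    store.on_authorized(key, second)
    try:
        server.refresh(first["refresh_token"])
        first_still_works = True
    except PermissionError:
        first_still_works = False
    return first_still_works, store.refreshed_access_token(key) != second["access_token"]
```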
