developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Proactively Refreshing the OAuth Access Token

View the SolutionThis topic has been marked as solved.

I'd like to refresh the access token after 90% of it's life is used up (just prior to expiration).  But everytime I do, I get the exact same (access and refresh) tokens back, and the expiration of the access token hasn't moved a bit. 

 

Do I have to wait until after the token has expired before I can refresh it?

 

Thanks,
Troy

TroyW
Contributor

‎09-07-2018 09:27 AM

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

View the SolutionThis topic has been marked as solved.

Hi @TroyW

 

Yes that is correct . You will need for token expired error and call the /token api with refresh token to get a new set of access and refresh tokens . 

 

 

Thanks

Anurag





Send feedback at developer_feedback@authorize.net

View solution in original post

Anurag
Moderator Moderator
Moderator

‎09-07-2018 11:39 PM

0 Kudos
8 REPLIES 8

View the SolutionThis topic has been marked as solved.

Hi @TroyW

 

Yes that is correct . You will need for token expired error and call the /token api with refresh token to get a new set of access and refresh tokens . 

 

 

Thanks

Anurag





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator

‎09-07-2018 11:39 PM

0 Kudos

View the SolutionThis topic has been marked as solved.

I waited 8 hours for the access token to expire, and then I was able to refresh the access token.  So I can confirm what you said.  So about how long is the refresh token good for?  The documenation says one year, but it also says the access token has  life of 10 minutes (not 8 hours), so I'm not sure if I should trust the documentation.

 

--Troy

TroyW
Contributor
In response to Anurag

‎09-09-2018 02:49 PM

0 Kudos

View the SolutionThis topic has been marked as solved.

Hi @TroyW

 

Looks like there is a bug when creating the OAuth client from our Partner Interface which is setting the expiration time of 8 hours for both access and refresh Token . 

 

We are working on a fix and will keep you posted . 

 

The 10 minutes is for the one time Auth code which is generated when the authorization flow is done 

 

https://developer.authorize.net/api/reference/features/oauth.html#Redirecting_the_Merchant

 

Also have a look at our sample app for OAuth at https://github.com/AuthorizeNet/oauth-sample-app

 

Thanks

Anurag





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator
In response to TroyW

‎09-09-2018 09:57 PM

0 Kudos

View the SolutionThis topic has been marked as solved.

Thanks for your followup on this.  Hopefully my observations will help you track this down:

 

1)  The access_token expired after 8 hours.

2)  A few days later, I was able to use the refresh_token to obtain new tokens (access and refresh).

3)  The token .json advertised the fact that both the access_token and refresh_token had a lifespan of 8 hours.  But my experience (point #2) showed that the refresh_token outlived those 8 hours.

 

4)  From the merchant settings, I revoked my application.  The refresh_token continued to work for its full 8 hours.  This seems like a long time to continue to have access to the merchant account.  So I'm glad you're looking into why it's not 10 minutes like the documentation indicates.

 

--Troy

 

TroyW
Contributor
In response to Anurag

‎09-10-2018 08:47 AM

0 Kudos

View the SolutionThis topic has been marked as solved.

@TroyW I'm having the same issue. So what it sounds like is you need to update the refresh token after the access token expires but before the refresh token expires? This is frustrating because the response says they have the same expiration time. Are we supposed to guess at when the refresh token expires..? Run a chron that updates the refresh token every 9 hours or something?

jdoyle112
Contributor
In response to TroyW

‎10-16-2018 12:00 PM

0 Kudos

View the SolutionThis topic has been marked as solved.

I found that you can just ignore the advertised expiration times.  The access token lasts about 8 hours, and the refresh token is "long lived" enough so there's no problem getting a new access/refresh token combo.

 

--Troy

TroyW
Contributor
In response to jdoyle112

‎10-16-2018 01:16 PM

0 Kudos

View the SolutionThis topic has been marked as solved.

Hi All , 

 

Due to a defect currently the refresh token are shorten to 8 hours but the refresh token will be valid for 1 year after the fix soon . 

 

Tentatively target by end of month .

 

Thanks

Anurag





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator
In response to TroyW

‎10-16-2018 02:58 PM

0 Kudos

View the SolutionThis topic has been marked as solved.

Hi All , 

 

The expiration time issue should be fixed now . 

 

Can you create a new OAuth client and check ?

 

Thanks

Anurag





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator
In response to Anurag

‎10-23-2018 11:53 PM

0 Kudos
Copyright © 2024 Khoros, LLC