Unable to refresh the access token sometimes

felipezavanfelipezavan Member Posts: 4

Hello,

We’re experiencing some problems when refreshing our access tokens that I hope you could help us solve.

Sometimes when we try to use a refresh token to get a new access token we receive a 400 Bad Request error. It starts occurring seemingly randomly with some accounts, and once it starts happening the refresh token never works again and we have to reauthorize the account to get a new access and refresh token.

Here’s are 2 refresh requests made less than 2 minutes apart (also attached as text files).

The left one was a successful refresh for account "A", made after we reauthorized it.

The right one was a failed refresh for account "B". We tried multiple times and received the same error every time. I checked and confirmed that the refresh token used is the one we received with the previous access token.

You can see that both requests are identical, the only difference is the refresh_token parameter and the response. The API documentation says that refresh tokens never expire, so I don’t know what could be the issue.

2 comments

  • felipezavanfelipezavan Member Posts: 4

     I have discovered that the problem was caused by multiple of our background jobs trying to refresh the same token at the same time (causing a race condition), or failing to save the new refresh token and tying to use the old one during the next refresh. I have fixed it by creating an independent service that is responsible for refreshing the tokens before they expire.

  • LucienVersendaalLucienVersendaal Moderator, Lightspeed Staff Posts: 937 moderator

    Hi @felipezavan ,

    Thanks for explaining this on the post, this is very valuable for other developers who are facing this issue.

    Many thanks.

Sign In or Register to comment.