Answered

Refresh token expire_in


Userlevel 1

hi before the 02/11/2022 the refresk token expire in 86400 seconds  and after the 02/11/2022 the refresh token, expire in 3600 seconds . It’s normal or do you have the bug ?  I can’t see this updat in the documentation.

Thanks for you help 

Cédric 

icon

Best answer by andrew_videoask 8 November 2022, 16:01

View original

11 replies

Userlevel 7
Badge +5

Hi @driaux, are you seeing this somewhere in an API response?

The refresh_token should not expire.

Userlevel 1

hi not see in the documencation API.

Last the 3/11/2022, all token expire after 3600 seconds.  In the response expire_in have the nice seconds before the 2/11/2022.

 

I have this response for the POST https://auth.videoask.com/oauth/token

 

```

{
access_token: "xxxxxxxxxxxxxxxxxxxx",
refresh_token: "BndxxxxxGdExxxxxxxxxxxxxxxxKsa",
id_token: "eyxxxxxxxxxxxxxxxxxxxxxxxvQ",
scope: "openid profile email offline_access",
expires_in: 3600,
token_type: "Bearer"
}

```

 

before i have this (call of the 2/11/2022)

```

{
access_token: "xxxxxxxxxRdOUg",
refresh_token: "xxxxxx",
id_token: "exxxxxxxxxxxxxxxx",
scope: "openid profile email offline_access",
expires_in: 86400,
token_type: "Bearer"
}

```

Userlevel 7
Badge +5

@driaux Thanks for flagging! I was able to reproduce this on my side.

I’m checking with our team to see if this change was intended. 

Userlevel 7
Badge +5

Hi @driaux, yes this was a change that was pushed into production a few days.

The access token is now valid for 60 minutes, rather than 24 hours.

Let me know if you have any further questions!

@andrew_videoask does the refresh_token ever expire?

Userlevel 7
Badge +5

@Ali Mir It does not 🙂

@andrew_videoask thanks. Is the function to get new access token via refresh token rate limited? It seemed to work fine but as I hit POST request many times while I was testing I got hit with “unauthorized” error…

Userlevel 7
Badge +5

@Ali Mir I’m not aware of any rate limits, but that may be the case. However, you shouldn’t have to make the request more than once every 60 minutes (when the access token expires).

@andrew_videoask ok thanks. Would it be an issue if I run a cron job that refreshes access token every hour?

What would be the best way to make sure access token is up to date in our system?

Userlevel 7
Badge +5

@Ali Mir My understanding is that shouldn’t be a problem. 

You could run a cronjob or cache the access token. So basically, when you generate a new access token you cache it for its lifetime of one hour. 

Then when the next request comes in, you can check if the access token is still cached. If it is, you’re good to go. If it’s not, use the refresh token to generate a new access token.

Reply