[Auth] Refresh Tokens expire abnormally and API respond with "invalid request"

[josephpage]

Almost every 2 days, one of the refresh_tokens expires (out of a total of ~20), and the API respond with a enigmatic :

{"error":"invalid_request"}

The only solution is the get a new refresh_token by manually enter the credentials in the consent screen. I don't have precise stats about this issue, but it is too frequent and serious enough for production environments. Happens since ... mmm... 4 months.

Just occurs this morning with a relatively new refresh_token got last week : 2017-08-30 10:37:40 UTC

If the refresh_token is expired for some reasons, the API should return a appropriate and explicit error message, to allow apps to properly handle the errors and send a renewal request to the account owner.

[josephpage]

cc @alexjomin

[alexjomin]

Do you have the HTTP code of the response ? It will be easier to point it out in the nginx log. Thank you

[josephpage]

Mmm I wait for the error to happen again.
Do refresh tokens have an expiration ?

[josephpage]

Mmm I remember refresh_token are valid for 48 hours (#24)
so why {"error":"invalid_request"} ? the error should be Invalid authentication according to documentation... (https://dev.xee.com/doc/api/api/v3/auth/access_token.md)

[alexjomin]

yes @josephpage it's look like a bug. We will give a look and let you know.

[josephpage]

Last times it happened :

• 9/24/2017 10:53
• 9/21/2017 15:06
• 9/20/2017 22:15

[josephpage]

Happened many times last week and today...