Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Unable to refresh token after expiration

I can authenticate and fetch an access_token and the corresponding refresh_token fine (subsequent API interactions are also fine).

However, I seem to only be able to refresh a token (POST to /oauth/token with grant_type=refresh_token) before the access_token actually expires. After the expiration, the same refresh code (exactly that provided within the docs), returns with an error of invalid_grant.

I am using the soundcloud-ruby SDK, FWIW, but I can reproduce it through curl.

As an aside, I found some old messages from the Google Group mentioning that I can request a non-expiring token, but I do not see this mentioned anywhere in the docs. Is this still a viable option?

like image 251
iplaybongos Avatar asked Nov 13 '22 20:11

iplaybongos


1 Answers

That is correct. Refresh tokens cannot be used after an access token expires.

You can request a non-expiring access token by specifying scope=non-expiring when constructing an authorization URL. To do this with the Ruby SDK, simply pass the additional params to the authorize_url method:

require 'soundcloud'

client = Soundcloud.new(
  :client_id => 'YOUR_CLIENT_ID',
  :client_secret => 'YOUR_CLIENT_SECRET',
  :redirect_uri => 'REDIRECT_URI'
)

client.authorize_url(:scope => 'non-expiring')

The rest of the flow should be exactly the same (grab the 'code' parameter from the query string and make a POST request to /oauth2/token).

like image 134
Paul Osman Avatar answered Jan 04 '23 01:01

Paul Osman