APIs & Integrations

Clayton_
Contributor

What to do if refresh token unavailable or fails?

SOLVE

In my app, I'd like to build out a resilient process that can handle this scenario –

 

  1. App is installed and authorized
  2. App needs to renew access token and attempts to exchange refresh token
  3. Refresh token exchange process fails
    • refresh token is unavailable (e.g. via app storage issue)
    • refresh token is no longer valid (e.g. already used and new refresh token not stored)
    • exchange errors out for some other reason
  4. App now needs to somehow re-authorize and request new tokens

What are the options for handling Step 4? Are there ways to do this, for an active installation, without having to ping the user to uninstall and reinstall the application?

 

Thanks for any help and advice.

0 Upvotes
1 Accepted solution
himanshurauthan
Solution
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

What to do if refresh token unavailable or fails?

SOLVE

Hello @Clayton_,

 

What I want to say is, if you are trying to get a new refreshed token and every time you are getting an error then you can show a notice to "Re-Authorize your Account".

 

Regards,

 

Digital Marketing & Inbound Expert In Growth Hacking Technology

View solution in original post

6 Replies 6
himanshurauthan
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

What to do if refresh token unavailable or fails?

SOLVE

Hello, @dennisedson thank you for tagging me in.

 

So @Clayton_ at the time of authorization, you will get the refresh token and the expiration time of the refresh token. You can save both of these in the database and whenever any request triggers you have to check whether the token has expired before that. If the token has expired, then you need to send a request for a new refresh token to the endpoint: '/oauth/v1/token'.

 

$flag = true;

if (  condition to check token is expired or not   ) {



	$status  = request_to_refresh_token();



	if ( ! $status ) {



		$flag = false;

	}

}



if ( $flag ) {

	// you can snd request here.

}

 

I hope this will resolve your problem.

 

Best regards,

 

Digital Marketing & Inbound Expert In Growth Hacking Technology
Clayton_
Contributor

What to do if refresh token unavailable or fails?

SOLVE

Thanks @himanshurauthan , that process does make sense.

 

How have you handled cases when this renewal process fails?

 

For example, if your app didn't save or wasn't able to retreive the refresh token successfully due to a DB issue, or say a network issue in exchanging the token where you don't successfully receive the new tokens but have used the saved refresh token?

 

Is these cases you'd be without a working refresh token. At this point does the user have to uninstall and reinstall your app or is there another method that can be used to reduce that confusion and burden for them?

 

Thanks again for any help.

0 Upvotes
himanshurauthan
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

What to do if refresh token unavailable or fails?

SOLVE

Hi @Clayton_,

 

As per your query, we can go with the following actions:

 

You can check the expire time of the refresh token every time you make a request because if there was any database issue while updating the refresh token then the expire time will not update.

 

So you can check the expire time and if the token is expired then you have to refresh the token again.

 

Regards,

You can also check the error while updating the refresh token in database and if there is any error then you can show some notice to the user to 'Re-Authorize your Account'.

Digital Marketing & Inbound Expert In Growth Hacking Technology
Clayton_
Contributor

What to do if refresh token unavailable or fails?

SOLVE

Thanks for the follow-up @himanshurauthan .

 

My understanding is that the refresh token is only good for one use - if your app drops the ball in receiving or storing the new tokens, the same refresh token can't be used again. Is that what you've experienced?

 

> If there is any error then you can show some notice to the user to 'Re-Authorize your Account'.

 

So if the app does end up breaking the token renewal chain it sounds like the only recourse is to have the user uninstall and reinstall your application manually (as opposed to any other process the app can do behind the scenes) – is that what you mean?

 

Thanks again for the help.

 

0 Upvotes
himanshurauthan
Solution
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

What to do if refresh token unavailable or fails?

SOLVE

Hello @Clayton_,

 

What I want to say is, if you are trying to get a new refreshed token and every time you are getting an error then you can show a notice to "Re-Authorize your Account".

 

Regards,

 

Digital Marketing & Inbound Expert In Growth Hacking Technology
dennisedson
HubSpot Product Team
HubSpot Product Team

What to do if refresh token unavailable or fails?

SOLVE

@himanshurauthan , I imagine you have experienced  this before.  How would you handle it?

 

0 Upvotes