I'm wondering if one of my scripts is working as intended. Here's the situation:
I save the access_token and refresh_token tokens and their expiration times to database. When retrieving the access_token I also check if the expiration time has passed (with 10 minutes of headroom) and if so I use the refresh_token to update the access_token expiration.
The thing that I'm wondering is, why does the access_token itself change? Is it supposed to? Let's say I have an access_token "47e4c78c-65d4-5cda-ac74-57ce9a73d47e" that has expired and I refresh it. Suddenly it changes to "6e34021a-59c9-29ea-2fc9-57cea31af19d".
Here are the arguments I pass to /oauth/token when refreshing:
$token_arguments = array(
"grant_type" => "refresh_token",
"refresh_token" => $refresh_token,
"client_id" => "xyxyxy",
"client_secret" => "xyxyxyxy"
If required I will post some more code, but I will likely have to edit some stuff out (like the client_id & client_secret here).
Also, sometimes the access_token & refresh_token seem to get invalidated much sooner than what the response claims. The response has expires_in set to 1 hour and refresh_expires_in set to 14 days, but it seems they (both) can invalidate in as little as 5-10 minutes which results in the remainder of the script to fail because I'm checking the expirations from what I have saved. Why can they get invalidated sooner than they're supposed to? It seems random too.
Thank you in advance!
PS. Our instance is on-demand, including the sandbox that I'm currently testing this script with, so I can't check for a lot of the config settings without contacting support. The sandbox does not have any other traffic to it.