Access token invalidated

Hi,

When using the API, we experience the issue that access tokens seems to become invalid at unexpected moments. The exact error we get back from the platform, is:

invalid_grant: The access token provided is invalid.

We cache the access tokens and invalidate it when the lifetime is exceeded. We do not use the full lifetime (usually 3600 seconds), we subtract some value to be sure to fall within the range of the actual lifetime. When we get back the error of the access token being invalid and we try to get a new access token using the refresh token, we get an error that the refresh token is invalid too. So no way of recovering.

We use a custom platform to do all requests and we make sure we don’t use the same user from different environments to use that same platform.

Also, and I don’t know whether it’s related to this issue, we often experience the fact that the socket connection to Sugar when refreshing the access token, is reset. When this happens, we try again and we do get a valid access token and a new refresh token (which we store for later use).

Any ideas? Is there a way to see on the Sugar side what’s going wrong or which access tokens & refresh tokens are valid / invalidated?

Thanks a lot,

Steven.

0 André Lopes over 4 years ago

Try to refresh token at every 60 seconds.
We do that for some time spending tasks and this never fail.
Regards

André Lopes
Lampada Global

Skype: andre.lampada
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Matt Marum over 4 years ago

Is your integration connecting from multiple IP addresses? We perform Client IP validation by default which is another reason why a session might be invalidated.

App Ecosystem @ SugarCRM
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Steven Van Loon over 4 years ago in reply to Matt Marum

Hi Matt,
we're connecting from just one IP address. However, we think we discovered what was causing the issue. We use one user to connect to sugar and use the sudo endpoint to impersonate other users. When we use the main user to sudo to itself, we noticed the access token & refresh token become invalid. The solution is simple: don't sudo to yourself.
Can you tell me whether this is expected behavior? We checked to see whether a new refresh token was returned during the sudo operation but that is not the case.
Thanks,
Steven.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Jeroen Somhorst over 4 years ago in reply to Steven Van Loon

Hi Steven.
Another approach would be to introduce a second platform. This way you are sure that the user you are using is not logged out at any time the 'original' user is using the main application.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Matt Marum over 4 years ago in reply to Steven Van Loon

Hi Steven,
Jeroen alluded to this but you are likely running into restriction where we only allow active session per user per platform. If you are "sudo"-ing the current user then you're probably causing yourself to run afoul of this restriction. So, yes, I think this is expected.

App Ecosystem @ SugarCRM
Cancel
Vote Up +4 Vote Down

Sign in to reply

Reject Answer

Cancel
0 Rana Awais over 3 years ago

Please tell me that, how to validate the access token
e.g
if i generate a token , in a specific function i want to validate that token that is it valid or not then how i can do that?
if token is valid then i will use that token otherwise i will generate new token
please give me the answer for that
Thanks in advance
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Rana Awais over 3 years ago in reply to Rana Awais

Matt Marum
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Matt Marum over 3 years ago in reply to Rana Awais

Rana - I'm not sure I understand the scenario. When you authenticate to Sugar, you will be issued an access token that you will include on subsequent requests to Sugar. The Sugar backend will be validating your token on each request. Sugar will tell you when your token becomes invalid. At that point, you need to use the refresh token to get a new access token or re-authenticate.

Everything you need to know should be here:

https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_10.0/Integration/Web_Services/REST_API/

App Ecosystem @ SugarCRM
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Rana Awais over 3 years ago in reply to Matt Marum

ok thats fine
but i am saying that is there is any way to find that token is now expired and i have to generate a new one.
any method or curl request for that, which find token is expired?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Enrico Simonetti over 3 years ago in reply to Rana Awais
Rana Awais

Any api call would do. A success would mean the token is valid, while a failure would mean you need to authenticate. We have a /ping endpoint for that specific purpose though: https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_10.0/Integration/Web_Services/REST_API/Endpoints/ping_GET/

Cheers
--

Enrico Simonetti

Sugar veteran (from 2007)

www.naonis.tech

Feel free to reach out for consulting regarding:

API Integration and Automation Services

Sugar Architecture

Sugar Performance Optimisation

Sugar Consulting, Best Practices and Technical Training

AWS and Sugar Technical Help

CTO-as-a-service

Solutions-as-a-service

and more!

All active SugarCRM certifications

Actively working remotely with customers based in APAC and in the United States
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel