AnsweredAssumed Answered

Access token invalidated

Question asked by Steven Van Loon on Aug 28, 2019
Latest reply on Sep 5, 2019 by Matt Marum



When using the API, we experience the issue that access tokens seems to become invalid at unexpected moments. The exact error we get back from the platform, is:

invalid_grant: The access token provided is invalid.


We cache the access tokens and invalidate it when the lifetime is exceeded. We do not use the full lifetime (usually 3600 seconds), we subtract some value to be sure to fall within the range of the actual lifetime. When we get back the error of the access token being invalid and we try to get a new access token using the refresh token, we get an error that the refresh token is invalid too. So no way of recovering.


We use a custom platform to do all requests and we make sure we don’t use the same user from different environments to use that same platform.


Also, and I don’t know whether it’s related to this issue, we often experience the fact that the socket connection to Sugar when refreshing the access token, is reset. When this happens, we try again and we do get a valid access token and a new refresh token (which we store for later use).


Any ideas? Is there a way to see on the Sugar side what’s going wrong or which access tokens & refresh tokens are valid / invalidated?


Thanks a lot,