We have an integration which allows us to call the SugarCRM API by using the authentication tokens of a certain SugarCRM user. Now, our customers have a problem: their refresh token become invalid (invalid_grant) and we cannot find any way to reproducing this.
As far as I know, refresh tokens only get invalidated whenever a new access token for a certain user is requested under the same platform.
- One user authenticates to with SugarCRM and recieves the access (& refresh) token which authenticate our connector
- Then, other users can use this connector to retrieve (meta-)data from SugarCRM
- To realise this, we have a connection pool with a number of http-clients which use these these tokens (they can be used simultaneously)
- The moment we do an api call, we refresh the token if it is expired (minus an offset of a couple of minutes)
- Refreshing is done synchronized and all clients now use the renewed access token
I read something interesting in this post https://community.sugarcrm.com/thread/30360-refresh-token-becames-invalid,
"You can't have multiple clients connecting to same Sugar instance using same platform id at same time or you'll run into session conflicts.". Matt Marum
So my actual question: is it possible my refresh token is invalidated while trying to use the SugarCRM rest api with multiple http-clients at the same time with one access token?
Recently, we also started to have this warning:
Invalid cookie header: "Set-Cookie: AWSALB=qi4YCymX2Y9JifxIhN...vNXPOGlOW2P7KqY7acJgAUdojIlK; Expires=Thu, 20 Feb 2020 08:38:58 GMT; Path=/". Invalid 'expires' attribute: Thu, 20 Feb 2020 08:38:58 GMT
I don't know if it's relevant.
Thanks for helping