09-07-2018 09:27 AM
I'd like to refresh the access token after 90% of it's life is used up (just prior to expiration). But everytime I do, I get the exact same (access and refresh) tokens back, and the expiration of the access token hasn't moved a bit.
Do I have to wait until after the token has expired before I can refresh it?
Solved! Go to Solution.
09-07-2018 11:39 PM
09-07-2018 11:39 PM
09-09-2018 02:49 PM
I waited 8 hours for the access token to expire, and then I was able to refresh the access token. So I can confirm what you said. So about how long is the refresh token good for? The documenation says one year, but it also says the access token has life of 10 minutes (not 8 hours), so I'm not sure if I should trust the documentation.
09-09-2018 09:57 PM
Looks like there is a bug when creating the OAuth client from our Partner Interface which is setting the expiration time of 8 hours for both access and refresh Token .
We are working on a fix and will keep you posted .
The 10 minutes is for the one time Auth code which is generated when the authorization flow is done
Also have a look at our sample app for OAuth at https://github.com/AuthorizeNet/oauth-sample-app
09-10-2018 08:47 AM
Thanks for your followup on this. Hopefully my observations will help you track this down:
1) The access_token expired after 8 hours.
2) A few days later, I was able to use the refresh_token to obtain new tokens (access and refresh).
3) The token .json advertised the fact that both the access_token and refresh_token had a lifespan of 8 hours. But my experience (point #2) showed that the refresh_token outlived those 8 hours.
4) From the merchant settings, I revoked my application. The refresh_token continued to work for its full 8 hours. This seems like a long time to continue to have access to the merchant account. So I'm glad you're looking into why it's not 10 minutes like the documentation indicates.
10-16-2018 12:00 PM
@TroyW I'm having the same issue. So what it sounds like is you need to update the refresh token after the access token expires but before the refresh token expires? This is frustrating because the response says they have the same expiration time. Are we supposed to guess at when the refresh token expires..? Run a chron that updates the refresh token every 9 hours or something?
10-16-2018 01:16 PM
I found that you can just ignore the advertised expiration times. The access token lasts about 8 hours, and the refresh token is "long lived" enough so there's no problem getting a new access/refresh token combo.
10-16-2018 02:58 PM
Hi All ,
Due to a defect currently the refresh token are shorten to 8 hours but the refresh token will be valid for 1 year after the fix soon .
Tentatively target by end of month .
10-23-2018 11:53 PM
Hi All ,
The expiration time issue should be fixed now .
Can you create a new OAuth client and check ?