Refresh_Token Expires within a few hours #234

Open
Khungersumit opened this issue Feb 23, 2022 · 12 comments

@Khungersumit

Hi

I see some issues with refresh_token.

After getting authCode, I got access_token (valid for 1 hr) and refresh_token (valid for 31 days, I saved in DB).
After 1 hr access_token is expired and I generated a new access_token using the refresh_token (from my DB).
Now I got new access_token and refresh_token (I updated the new refresh_token in my DB).

After a few hours (>7-8 hours) API says "Request failed: Invalid refresh token"

That is not the expected behavior.
Has anyone faced a similar issue before? :)

@xpagedeveloper

I haven’t seen any similar issue. I suggest you create some kind of audit log with the tokens.
And create an issue with Fortnox support.

@Mmmattias

Same issue here.

Created the token in the afternoon and the morning after it was invalid.

I guess this is not related to the C# client library but still a vital issue to solve if we are to be able to work with our integration.

@richardrandak
Collaborator

Did you generate the tokens with the Fortnox SDK?
If not, make sure to add the access_type=offline parameter to the authorization URL. Not doing that could result in a short-lived token, but that's just guessing. I have not encountered this issue myself.

Just so you know, this repository is not affiliated with Fortnox anymore. If you feel the issue is not caused by this library, please write directly to Fortnox official support and describe the problem to them.

@Mmmattias

The token was created with the SDK but I spoke with the support instead since I noticed this repo wasn't maintained by Fortnox.

They however do not acknowledge that this error exists, so I'll keep an eye out for it happening again before we go live.

@yasirjanjua

I have been facing this same issue for the last 2 weeks. Our application is in production and now this issue has started appearing and is very frustrating for our customers as they need to reactivate the token.
FYI, I am using access_type=offline.
I thought it was an issue in my code but I just saw this thread where everyone faces this issue. Is there any solution for it?

I believe there is some sort of throttling on this endpoint: https://apps.fortnox.se/oauth-v1/token. Please solve this issue.

@xpagedeveloper

I have apps that are running the SDK with multiple customers. And have done so for several months with no problem.
Make sure that the functions that update the access and refresh tokens are blocking code.

@yasirjanjua

@xpagedeveloper I am making blocking calls to refresh the tokens but the token gets invalidated on higher request rates. I sent 30 requests simultaneously and the error was reproducible.

@Khungersumit
Author

Khungersumit commented Oct 5, 2022

@yasirjanjua @Mmmattias

I can imagine how frustrating this issue was for me and can be for anyone 😀

Here are a couple of suggestions that you can follow:

1). Make sure there is only one user at a time generating/using the App and the generated auth creds. If 2 users (consider a dev and a QA) are using the same, then it is gonna produce the same issue.
2). As an alternative, ask your customer to re-authenticate the App and give consent to the required permissions whenever refresh_token expires.

@Khungersumit
Author

> I have apps that are running the SDK with multiple customers. And have done so for several months with no problem. Make sure that the functions that update the access and refresh tokens are blocking code.

Hi @xpagedeveloper
I see you never have had this issue. Can you please answer these questions?

1). How often do you generate access and refresh tokens?
2). What is the expected/average number of API calls per customer (for which you generate the tokens) on an average day you make?

@xpagedeveloper

> 1). How often do you generate access and refresh tokens?

1-5 times per day and customer

> 2). What is the expected/average number of API calls per customer (for which you generate the tokens) on an average day you make?

approx. 1-30 / customer and day

@kkrogulski

kkrogulski commented Oct 12, 2022

If you log in with the same Fortnox API user again, you invalidate the previous refresh token.

@xpagedeveloper

xpagedeveloper commented Oct 12, 2022

> If you log in with the same Fortnox API user again, you invalidate the previous refresh token.

Yes, if you request a new access token using a refresh token, any previous refresh tokens are invalid.
If you authorize the same application again, that will make any previous refresh tokens invalid.
If you log in using the web with the user that validated the API access, that should not invalidate any refresh tokens.
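
The rotation behaviour described in this thread, as an added example that is not part of the thread or of the SDK: a constructed in-memory token endpoint that invalidates the presented refresh token on every use, the failure when two workers present the same stored token, and a single-flight client that survives 30 simultaneous callers. `RotatingTokenServer` and `TokenStore` are hypothetical names and do not model Fortnox's actual API.

```python
import secrets
import threading
import time
from concurrent.futures import ThreadPoolExecutor

class RotatingTokenServer:
    """Constructed stand-in for a token endpoint that rotates refresh tokens."""
    def __init__(self):
        self._lock = threading.Lock()
        self.current = secrets.token_hex(8)  # the only refresh token accepted
        self.refresh_count = 0
    def refresh(self, refresh_token):
        with self._lock:
            if refresh_token != self.current:
                raise PermissionError("Invalid refresh token")
            self.current = secrets.token_hex(8)  # the presented token is now dead
            self.refresh_count += 1
            return {"access_token": secrets.token_hex(8), "refresh_token": self.current,
                    "expires_at": time.monotonic() + 3600}

class TokenStore:
    """Hypothetical client-side holder; refresh is single-flight under one lock."""
    def __init__(self, server, refresh_token):
        self._server, self._lock = server, threading.Lock()
        self._pair = {"refresh_token": refresh_token, "expires_at": 0.0}
    def access_token(self):
        with self._lock:
            # Re-check inside the lock; a waiting caller reuses the pair just stored.
            if time.monotonic() >= self._pair["expires_at"] - 60:
                self._pair = self._server.refresh(self._pair["refresh_token"])
            return self._pair["access_token"]

def unsynchronized_race():
    """Two workers load the same stored refresh token, then both present it."""
    server = RotatingTokenServer()
    stale = server.current     # both workers read this value from the DB
    server.refresh(stale)      # worker A succeeds; the server rotates
    try:
        server.refresh(stale)  # worker B replays the rotated-out token
    except PermissionError as exc:
        return str(exc)
    return "accepted"

def serialized_burst(n=30):
    # n concurrent callers share one TokenStore: (refreshes, distinct tokens)
    server = RotatingTokenServer()
    store = TokenStore(server, server.current)
    with ThreadPoolExecutor(max_workers=n) as pool:
        tokens = list(pool.map(lambda _: store.access_token(), range(n)))
    return server.refresh_count, len(set(tokens))
```

When several processes or hosts share one integration, the lock has to live where the tokens live, for example a row lock in the database that stores the refresh token, and the new access and refresh tokens should be written in the same transaction.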
