I am currently trying to get the Predictions API working (PHP).
I got it to work but after some time I get an error while calling the API (401 Unauthorized / Invalid OAuth token).
So this is my “workflow”:
Pre Step:
I am calling the auth API with the following scope (channel:read:predictions). After that I get returned to my preset return URL (http://localhost/test), which is fine. Now I have a token + refresh token, which I now store in my DB + variable.
Step 1:
Get the stored variables I need (UserID, clientID, clientSecret, appAccessToken, userAccessToken, userAccessRefreshToken) out of my DB.
Step 2:
I am checking if my appAccessToken is valid. If not, then I am doing Step 2.1.
Step 2.1:
I am generating an appAccessToken with my clientID + clientSecret (which works)
I am storing the return in a variable in my code + DB
Step 3:
I am refreshing my userAccessToken so I am 100% sure it’s still active.
Step 4:
I am calling the predictions API, which works for some time. And all of a sudden I get a 401 error.
I really don’t know what I am doing wrong here. Or if I am missing a step to refresh?
Sounds like you are over refreshing and introducing a weirdness.
Or when you do refresh your program doesn’t use the new generated token.
And it’s when the original token dies that your authentication is failing.
It’s part of the OAuth specification, so not explicitly documented.
And why the new/current refresh token is returned when you refresh.
The refresh token may change at refresh but it doesn’t have to.
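
The pattern the replies point to, as an added example that is not from any poster in this thread: refresh only after a 401, persist the returned access token and refresh token together, and retry with the new token. `TokenStore`, `callWithRefresh` and the two stand-in closures are hypothetical names, and the real HTTP calls are replaced by constructed stubs so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical token store; in the post this is the DB row holding
// userAccessToken and userAccessRefreshToken.
final class TokenStore
{
    public function __construct(public string $access, public string $refresh) {}

    public function save(string $access, string $refresh): void
    {
        // Persist BOTH values together; the refresh token may have changed.
        $this->access = $access;
        $this->refresh = $refresh;
    }
}

/**
 * Call the API with the stored token. Refresh once, and only after a 401,
 * save the new pair, then retry with the NEW access token.
 *
 * $callApi: fn(string $accessToken): array{status:int, body:string}
 * $refresh: fn(string $refreshToken): array{access_token:string, refresh_token?:string}
 */
function callWithRefresh(TokenStore $store, callable $callApi, callable $refresh): array
{
    $response = $callApi($store->access);
    if ($response['status'] !== 401) {
        return $response; // token still good: do not refresh
    }
    $new = $refresh($store->refresh);
    // Keep the old refresh token only if the response did not return one.
    $store->save($new['access_token'], $new['refresh_token'] ?? $store->refresh);
    return $callApi($store->access); // retry with the token just stored
}

// Constructed stand-ins for the predictions call and the token endpoint.
$valid = 'access-2';
$fakeApi = fn(string $t): array => ['status' => $t === $valid ? 200 : 401, 'body' => ''];
$fakeRefresh = fn(string $r): array => ['access_token' => 'access-2', 'refresh_token' => 'refresh-2'];

$store = new TokenStore('access-1', 'refresh-1'); // stale pair, as loaded from the DB
$result = callWithRefresh($store, $fakeApi, $fakeRefresh);
printf("status=%d access=%s refresh=%s\n", $result['status'], $store->access, $store->refresh);
```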