I’m getting back {"status":400,"message":"Invalid refresh token"} when trying to refresh an access token.
I make the following request to refresh the token: POST https://id.twitch.tv/oauth2/token?client_id=xxxx&client_secret=yyy&grant_type=refresh_token&refresh_token=zzz
Here is how my flow works:
Get code
Get access token/refresh/expire token from code
Save access token/refresh/expire token from code
When making a request on behalf of the user, check if the access token has expired. If so, refresh the token using the request above and save it to the database
Make request using current token
It’s possible that tokens aren’t being refreshed within the expiration time, but to my understanding, refresh tokens do not expire on the expires_on date.
I know for sure that they didn’t change password or unlink application.
When you say generated 25 tokens, wouldn’t the way I store and use tokens avoid this? Every single time I get a new token, I store it in the database along with the new refresh token and use that one from now on.
I can rule out users changing password or unlinking application because that should return 401:
When a user changes their password or disconnects an app, we delete all tokens for that user. Both refresh and access tokens for that user will return 401Unauth
I can rule out the old token being killed because I’m always using the most recent token.
Is there a complete list of other reasons of what else could be going wrong?
@BarryCarlyon, do you have any other recommendations on how to troubleshoot? I’m only experiencing these issues under my production server, which manages many more accounts than my dev server. The dev server never has this issue.
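The flow described in the thread (check expiry, refresh, save, then use the current token), as an added example that is not the poster's code: it serializes refreshes per user, saves the new refresh token together with the new access token, and raises an error carrying the HTTP status and message so a 400 can be told apart from a 401. `TokenStore`, `RefreshError` and the injected `post` transport are hypothetical names, and the parameters are sent as a form body rather than in the URL so the client secret stays out of request logs.

```python
import threading
import time

TOKEN_URL = "https://id.twitch.tv/oauth2/token"  # endpoint from the post

class RefreshError(Exception):
    """Carries the HTTP status and message so 400 and 401 can be told apart."""
    def __init__(self, user_id, status, message):
        super().__init__(f"refresh failed for {user_id}: {status} {message}")
        self.user_id, self.status, self.message = user_id, status, message

class TokenStore:
    """In-memory stand-in for the token table (hypothetical)."""
    def __init__(self):
        self.rows = {}    # user_id -> {access_token, refresh_token, expires_at}
        self._locks = {}
        self._guard = threading.Lock()

    def lock_for(self, user_id):
        with self._guard:
            return self._locks.setdefault(user_id, threading.Lock())

def get_access_token(store, user_id, post, client_id, client_secret, now=time.time):
    """Return a usable access token, refreshing the stored one if it has expired.

    post(url, data) is an injected transport (assumption) that sends a
    form-encoded POST and returns (http_status, parsed_json).
    """
    # Only one caller in this process refreshes a given user's token at a time;
    # several processes would need a database row lock instead.
    with store.lock_for(user_id):
        row = store.rows[user_id]            # read inside the lock, never before
        if row["expires_at"] - 60 > now():   # 60 s margin before expiry
            return row["access_token"]
        status, body = post(TOKEN_URL, {
            "grant_type": "refresh_token",
            "refresh_token": row["refresh_token"],
            "client_id": client_id,
            "client_secret": client_secret,  # sent in the body, not the URL
        })
        if status != 200:
            raise RefreshError(user_id, status, body.get("message"))
        # Save the new refresh token together with the new access token.
        store.rows[user_id] = {
            "access_token": body["access_token"],
            "refresh_token": body["refresh_token"],
            "expires_at": now() + body["expires_in"],
        }
        return body["access_token"]
```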