ForumsDevelopers400 Bad Request: Invalid refresh token


400 Bad Request: Invalid refresh token
Author Message
TaskUnifier

Posted: Oct 30, 2014
Score: 0 Reference
Hi,

Since I migrated TaskUnifier to API v3, many users are facing this error when the app is trying the refresh the token.

I don't know how to debug this as I simply send the request and receive an HTTP 400 exception.

Is there any way at your side to debug this ?

Thanks,

Ben
Jake

Toodledo Founder
Posted: Nov 01, 2014
Score: 0 Reference
If the refresh token becomes invalid, your app should prompt the user to sign in again to get a new one. One thing to note is that each time you use a refresh token to get an access token is that you get both an access token and a new refresh token in return. You should discard the old refresh token and use the new one. This may help with your error. I will also investigate what the issue might be.
TaskUnifier

Posted: Nov 03, 2014
Score: 0 Reference
Hi,

That's what I do.
The first thing I do is trying the retrieve the account info, if it fails do to an invalid token, I try to refresh the token.

If it fails (BadRequest), I ask a new auth code.
If it works, I retrieve the account info with the new token and I replace the existing token and refresh token with the new ones.

This refresh of the token works 80% of the time. But some users are often receiving a BadRequest: Invalid refresh token error, that I can't understand.
The latest refresh token I received is sent in the request, so I don't have much ways to debug this.

Thanks,

Ben
Jake

Toodledo Founder
Posted: Nov 04, 2014
Score: 0 Reference
Another developer is also having this problem, but we have not been able to yet confirm what the problem is. There are many apps that work correctly so I suspect that the problem is with the OAuth library that you are using. Are you using the Google OAuth library perhaps?
TaskUnifier

Posted: Nov 06, 2014
Score: 0 Reference
Hi,

I'm using my owner library. I checked that the auth code and refresh token which are sent are always to latest I received from Toodledo.

What I don't understand is that it is working for most of my users, but not for some of them.

If I had more information in the error message I could maybe debug this more easily.

It would be great if you could check why the error is returned.

Is the refresh token missing somehow ?
Is the refresh token invalid because out of date ?
Is the refresh token invalid because it doesn't exist ?
Is the refresh token invalid because it is an old one ?

Thanks,

Ben
Jake

Toodledo Founder
Posted: Nov 06, 2014
Score: 0 Reference
Can you please make a support ticket and include a log of your API calls including the refresh token you are trying to use? We can look it up and see what is happening to it.
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.