[question] Refresh Token Flow

[Alexwines224]

I'm building an application to hook into users' CRM and send automated text messages throughout their sales campaigns. I'm a bit confused regarding the best way to generate a new token using the refresh token flow - I'm able to obtain a token using the Authorization Flow and cache the token for future use. I'm able to use the cached token with a new Rest Client (client.set_token(token)) and the refresh performs automatically if the token's 'expires_at' time has passed, however I can't get access to the refresh token object after the refresh has been performed. Will I be able to reuse the original token object indefinitely so long as it's refreshed within a week of when the previous refresh was performed? I was under the impression that the refresh token would cease to work one week (or however long the 'refresh_token_expires_in' is set to) after the original token was issued.

Essentially, I'm wondering whether users will need to log in at least once a week and obtain a new OAuth token, or if we're able to retrieve a new token via a background process/worker via Refresh Token Flow.

I posted this question on the developer forum as well - https://devcommunity.ringcentral.com/ringcentraldev/topics/text-automation#reply-comment-list-18391351

Thanks in advance for your help! Hope you're having a nice day.

[grokify]

1. Retrieving the Refresh Token after a Token Refresh

• You can always retrieve the current refresh token via the OAuth2::AccessToken object from client.token. However, at this time, the SDK will not inform you when the token has been refreshed and a new access token and refresh token are present. Since the access token expires after an hour, if you wish to retrieve the latest refresh token, you could retrieve the latest refresh token each hour.

2. Reusing Original Access Token after a Token Refresh

• Each token refresh generates a new access_token and refresh_token pair. The new tokens will have lifetimes starting from the refresh time, e.g. 1 hour or 1 week respectively.

3. Weekly User Login

• Default SDK refresh behavior is based on API calls. If the user / SDK makes an API call at least once a week, the default SDK behavior will refresh the access and refresh tokens after each hour and the user will never have to reauthorize.
• If the user / SDK does not make an API call for over a week, the refresh token will expire and the user will need to authorize again.

Let me know if you have any other questions.

[Alexwines224]

Thanks so much for the quick response!

Let me see if I understand this correctly:

When I generate a token using the code provided from the authorization flow, and set an OAuth token like so:token = client.authorize_code(code), the token will automatically refresh when I use it with another client instance, client.set_token(token) so long as the expires_at time has passed, correct?

I just tested this with an OAuth token that expired last Friday - when I call client.token, it returns the expired token. It appears to perform the refresh, as I'm able to send messages from the client, but I'm unable to access the new token. Is there a way to grab the new token? Should it be returned when I call client.token?

Let me know if you need me to clarify at all.

[grokify]

After a token refresh, the OAuth2::AccessToken should be updated with the new access and refresh tokens. Let me verify this and post back here a bit later.

[Alexwines224]

I've been playing around with this a bit and I think I found the reason for my question:

If I obtain an OAuth2 token via Authorization flow and store the token, I can successfully use the token for another client instance by calling client.set_token(original_token)

From what I can tell, the refresh token isn't used until the client performs an action. For example, if I call client.set_token(original_token) after the original_token["exipres_at"] time has passed, client.token will return the the original_token. However, if I call client.set_token(original_token) and then call client.send_message(message_params), client.token will return a new token.

I'm wondering if there's a way to obtain a new token without actually performing an action. Is there a method that I can call on client that will obtain a new access token without sending a message, etc?

Let me know if you need me to clarify. Thanks for your help!

[Abhinaw-Softobiz]

How can I refresh access token using refresh token in Sdk.I am using this

Dictionary<string, string> obj = new Dictionary<string, string>();
obj.Add("refresh_token", CurrentUser.RCRefreshToken);
obj.Add("grant_type", "refresh_token");

                var request = new Request("/restapi/oauth/token", obj);
                var responseToken = sdk.Platform.Post(request);

But geting error. 'Access has Expired