Refresh Token Is Revoked After 24 Hours

[kokhans]

OAuth - Refresh Token Is Revoked After 24 Hours

• SDK/Library version: 4.11.0, 4.12.0
• Environment: Sandbox
• Language, language version, and OS: .NET Core 2.2, C#

Issue description

After creating an access token from code OAuth.CreateTokenFromCode(request) we get an object with AccessToken, RefreshToken, ExpiresAt fields successfully. From your docs OAuth (Beta) Access Tokens:

• An OAuth accessToken will expire 24 hours from its creation;
• The refreshToken is provided when you get the initial access token and will expire 180 days from its creation.

If we will wait 24 hours and will try to use RefreshToken to get new AccessToken and RefreshToken, we will get the next error:

Braintree.ValidationErrorCodeMessage "Invalid grant: refresh token is revoked"

Expected result: We should have the possibility to use RefreshToken for 180 days to get new AccessToken and RefreshToken.

[crookedneighbor]

Are you happening to be using the refresh token more than once? Once you use it the first time, it will be revoked. And the new one returned with the new access token should be used instead.

[kokhans]

I use it only once. So after getting new AccessToken and RefreshToken I will wait for 24 hours and after this period I got an error.

[crookedneighbor]

We'll need someone to look into your account, if you only used the RefreshToken once, it shouldn't expire so early. Please contact out support team so we can look into your account: https://help.braintreepayments.com/