invalid_grant: The refresh token is invalid or expired.

[handoyo]

Hi,

I'm using using server flow to get the access token and refresh token,

I saved both access token and refresh token.

When i call the refreshToken method, i get this error: invalid_grant: The refresh token is invalid or expired..

What should i do so the refresh token is not expired or get updated?

Thnkas

[phpfui]

Are you specifying the scopes correctly:

https://developer.constantcontact.com/api_guide/scopes.html

I seem to remember something about grants, but it was a while back. Also I just changed something recently in the auth code. Roll back to the previous version (24.2 I think) and see if that works.

Let me know what you find.

[handoyo]

I didn't specify the scopes.

based on your docs, if we didn't specify the scopes, then it will use all scopes right?

[phpfui]

Do you try rolling back to the previous version?

I think it defaults to all scopes, but I seem to remember something about grants. Maybe that is OAuth stuff. That seems right to me now. Was a long time ago I got this working so I tend to forget the how it works part. Grants is definitely OAuth, which my library should handle. Will look again tomorrow.

On Tue, Mar 5, 2024, 10:34 PM yonghan79 @.***> wrote:

I didn't specify the scopes.

based on your docs, if we didn't specify the scopes, then it will use all scopes wight?

— Reply to this email directly, view it on GitHub https://github.com/phpfui/ConstantContact/issues/19#issuecomment-1980018608, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABYW6S4IRA6U4OEZCQILZELYW2FFLAVCNFSM6AAAAABEHTAJZCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOBQGAYTQNRQHA . You are receiving this because you commented.Message ID: @.***>

[handoyo]

Not yet, I haven't rolled back the version yet.

I will wait for your info regarding the grant. Thank you.

[phpfui]

Yes, confirmed grant types are part of OAuth. Also it looks like the code is no longer working for my website. I need to investigate why, but could be a setting issue on my side.

So please do try a rollback to the previous version and let me know if that works for you. I suspect that is the issue. There will be an update to the library for sure in the next week, but it would help to have your experience on the previous version.

[phpfui]

I was able to retest the older version of the library and the newer version. They both seem to work, but I would do your own testing.

See issue #17 for other ideas on getting and refreshing the tokens. I think the problem may actually be what the error message says, is that the refresh token is invalid. Have you tried to access an API endpoint other than refresh? If that works, your main token is OK and the refresh token should be good.

I am going to add another Constant Contact feature to my website and will update the library if I find any other issues.

[handoyo]

I have add a debug code to get the refresh token last error message to see when the token becomes empty, and it appears after around 3 days, the refresh token expired or becomes invalid.

i was using the rotating instead of long live token.

Could that be the cause?

[phpfui]

Yes, that is likely the problem. I am using a long term token I believe. I also refresh it daily. That seems to work. My cron job runs nightly, and refreshes the token every time, so I have not seen this.

[handoyo]

i will try the long live refresh token to see if it still return empty token after several days.

i will let you know the result.

[phpfui]

I did a lot of testing on my own site and things seem to be working correctly. I did fix one minor issue with next() if the API returned an error that would cause multiple extra requests.

[phpfui]

I am closing this issue as I think it was a configuration issue. Open another issue if needed.