picqer / exact-php-client

PHP Client library for Exact Online
MIT License

Error 401 with the message: "Unauthorized Client: Old refresh token used." #640

Closed shahshaiq closed 5 months ago

shahshaiq commented 7 months ago

Hello,

I'm encountering the following error: Error 401 with the message: "Unauthorized Client: Old refresh token used."

According to the documentation I'm referring to, I've followed the same approach. I'm setting all the values retrieved from the database as instructed. However, once the connection is established and authenticated, shouldn't it provide me with a new refresh token along with the access token? This way, I could save these updated tokens for the next connection.

$connection = new \Picqer\Financials\Exact\Connection();
$connection->setRedirectUrl('CALLBACK_URL');
$connection->setExactClientId('CLIENT_ID');
$connection->setExactClientSecret('CLIENT_SECRET');

if (getValue('authorizationcode')) {
    // Retrieves authorizationcode from database
    $connection->setAuthorizationCode(getValue('authorizationcode'));
}

if (getValue('accesstoken')) {
    // Retrieves accesstoken from database
    $connection->setAccessToken(unserialize(getValue('accesstoken')));
}

if (getValue('refreshtoken')) {
    // Retrieves refreshtoken from database
    $connection->setRefreshToken(getValue('refreshtoken'));
}

if (getValue('expires_in')) {
    // Retrieves expires timestamp from database
    $connection->setTokenExpires(getValue('expires_in'));
}

// Make the client connect and exchange tokens
try {
    $connection->connect();
} catch (\Exception $e) {
    throw new \Exception('Could not connect to Exact: ' . $e->getMessage());
}

// Save the new tokens for next connections
setValue('accesstoken', serialize($connection->getAccessToken()));
setValue('refreshtoken', $connection->getRefreshToken());
setValue('expires_in', $connection->getTokenExpires()); // persist the expiry too, as the README does

remkobrenters commented 7 months ago

It appears there may be an issue with how you're managing refresh tokens. The error you're encountering can occur when you make a request, receive a new refresh token, but then make another request without using the new token. This could be because you're still using the old token, using an empty token, or the token has been incorrectly formatted during the process. To address this, add debugging to your workflow: compare the original refresh token with the new one you receive, and verify that your storage or database is updated with the new refresh token. Also, make sure the new token is correctly applied in your next request. This approach should help you identify and resolve the issue.

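The rotation the maintainer describes, as an added example (Python) that is not part of the issue, the library or the maintainer's reply: a constructed stand-in for the token endpoint that accepts each refresh token exactly once and answers reuse with the 401 text from the issue, a stand-in for the database row behind getValue()/setValue(), and a connect() modelled on the snippet above. scenario_correct checks that the store keeps up with every rotation, scenario_stale_store reproduces the 401 by refreshing without writing the new token back, and scenario_locked shows the guard you also need when several workers share one stored token: load, refresh and save under one lock, re-checking the expiry after the lock is taken. The class and function names, the Unauthorized exception and the error strings are all constructed for the example.

```python
import secrets
import threading
import time

class Unauthorized(Exception):
    """Stands in for the HTTP 401 the real token endpoint returns."""

class FakeExactTokenEndpoint:
    """Constructed stand-in for the token endpoint: single-use refresh tokens."""

    def __init__(self):
        self._live = set()   # refresh tokens that may still be exchanged once
        self._used = set()   # refresh tokens already consumed
        self._lock = threading.Lock()

    def grant(self):
        """Issue a fresh pair; also models the initial authorization-code exchange."""
        refresh_token = secrets.token_hex(8)
        self._live.add(refresh_token)
        return {"access_token": secrets.token_hex(8), "refresh_token": refresh_token,
                "expires_at": time.time() + 600}

    def refresh(self, refresh_token):
        with self._lock:
            if refresh_token in self._used:
                raise Unauthorized("401 Unauthorized Client: Old refresh token used.")
            if refresh_token not in self._live:
                raise Unauthorized("401 Unauthorized Client: unknown refresh token")
            self._live.discard(refresh_token)   # consumed: the old token is dead now
            self._used.add(refresh_token)
            return self.grant()

class TokenStore:
    """In-memory stand-in for the database row behind getValue()/setValue()."""

    def __init__(self, grant):
        self.row = dict(grant)
        self.lock = threading.Lock()   # plays the role of a row lock or mutex

    def load(self):
        return dict(self.row)

    def save(self, grant):
        self.row = dict(grant)

def connect(endpoint, store, persist=True, force_refresh=True):
    """Load tokens, refresh when needed, write the rotated pair back.
    persist=False reproduces the bug: the new refresh token never reaches the store."""
    tokens = store.load()
    if force_refresh or tokens["expires_at"] <= time.time():
        tokens = endpoint.refresh(tokens["refresh_token"])
        if persist:
            store.save(tokens)
    return tokens

def connect_locked(endpoint, store):
    """load-refresh-save as one critical section: a caller that had to wait re-reads
    the row, finds the access token the winner saved still valid, and never replays
    the refresh token the winner already consumed."""
    with store.lock:
        return connect(endpoint, store, persist=True, force_refresh=False)

def setup():
    endpoint = FakeExactTokenEndpoint()
    return endpoint, TokenStore(endpoint.grant())

def scenario_correct(endpoint, store):
    """Each connect() rotates the refresh token and the store keeps up."""
    before = store.load()["refresh_token"]
    first, second = connect(endpoint, store), connect(endpoint, store)
    return (before != first["refresh_token"] != second["refresh_token"]
            and store.load()["refresh_token"] == second["refresh_token"])

def scenario_stale_store(endpoint, store):
    """Refresh once without saving, then connect again from the stale row."""
    connect(endpoint, store, persist=False)
    try:
        connect(endpoint, store)
    except Unauthorized as exc:
        return str(exc)
    return "ok"

def scenario_locked(endpoint, store):
    """Two concurrent workers, expired access token: one refresh, both succeed."""
    store.row["expires_at"] = 0.0
    results = []
    workers = [threading.Thread(target=lambda: results.append(
        connect_locked(endpoint, store)["access_token"])) for _ in range(2)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return len(results) == 2 and all(r == store.load()["access_token"] for r in results)
```

Whatever the persistence layer, the invariant is the one scenario_correct checks: after every refresh the stored refresh token equals the one the endpoint just issued, and nothing else still holds the previous value. Where several processes share one Exact connection, the lock in scenario_locked (a database row lock or a mutex in practice) has to cover load, refresh and save together; recent versions of exact-php-client expose callback hooks for both steps (a token-update callback, and lock/unlock callbacks around the refresh), so check the README of the version you run.
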
shahshaiq commented 7 months ago

After storing the tokens in the database, when we utilise that token to establish a new connection and connect, the expectation is that after $connection->connect() is executed, it should provide a refreshed token. Despite my debugging efforts, I found that the refresh token remains the same as the one previously stored in the database.

remkobrenters commented 7 months ago

I cannot really help you at this point without taking a deep dive into your codebase. You are either making a mistake in the request, the way you process the returned new refresh token or the way to store it.

shahshaiq commented 5 months ago

@remkobrenters Thanks! Already resolved this issue.

frekel commented 5 months ago

@shahshaiq Can you tell us a bit how you resolved this issue?

shahshaiq commented 5 months ago

Actually, I employ a different approach to manage my communication with Exact Online. For generating a new access token, I rely on my custom method. Rather than using standard library methods, I make an HTTP GET request to a specific URI, where I pass the refresh token to obtain a new access token.