Any chance of extending the 30-day refresh token TTL?

If I understand correctly, OAuth users need to reauthenticate every 30 days within connected apps that use the API. Any chance of getting this extended? It’s kind of annoying for users.

Hi @nhe, when you authenticate you are given an auth token and a refresh token. You can use the refresh token to continuously refresh your app’s auth token so the user doesn’t have to sign in again after 14 days. Just FYI that the refresh token will change after 7 days once you use it (it will be the same for the first 7 days if you try to refresh it).

1 Like

Ah ok, so I can use the current refresh token to get a new refresh token, and as long as I’m making a new request 7-14 days after I got the current refresh token, the user wouldn’t be re-prompted to authenticate?

Hi @nhe, apologies for the late delay, I took extra time off for the holidays.

Correct. When you initially authenticate the response gives you a refresh token. You can then use that same refresh token to refresh your authentication for the user.

Just note that when you use the refresh token for the first 7 days it will be the same refresh token returned, but from days 8-14 it will be a NEW refresh token and the initial one will be invalid. So if you attempt to use the initial refresh token again after a new token has been generated it will invalidate your authentication and force the user to log in again.

I would recommend storing whatever refresh token is returned when calling the refresh token endpoint as a variable to use for the future, so that you don’t run into any weird invalidated states.

1 Like
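The rotation behaviour described in this thread, as an added example that is not code from the thread or from the API provider: a client that always persists whichever refresh token comes back, run against a simulated endpoint. `SimulatedTokenEndpoint`, `TokenStore`, `run_schedule`, the token names and the 14-day lifetime check are all assumptions made for illustration; the real endpoint and its response fields are not shown on this page.

```python
import json, os, tempfile
DAY = 86400  # seconds

class SimulatedTokenEndpoint:
    """Constructed stand-in for the API's refresh endpoint (not the real service)."""
    def __init__(self):
        self.current, self.issued_at, self.n, self.revoked = "rt-0", 0, 0, False
    def refresh(self, refresh_token, now):
        expired = now - self.issued_at > 14 * DAY  # assumed 14-day lifetime
        if self.revoked or expired or refresh_token != self.current:
            self.revoked = True  # stale token: the user must log in again
            raise PermissionError("re-authentication required")
        if now - self.issued_at >= 7 * DAY:  # days 8-14: rotate, old token dies
            self.n += 1
            self.current, self.issued_at = f"rt-{self.n}", now
        return {"access_token": f"at-{now}", "refresh_token": self.current}

class TokenStore:
    """Holds the latest refresh token on disk; replaced atomically on each save."""
    def __init__(self, path):
        self.path = path
    def load(self):
        with open(self.path) as f:
            return json.load(f)["refresh_token"]
    def save(self, token):
        # mkstemp creates the file 0600; os.replace swaps it in atomically.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump({"refresh_token": token}, f)
        os.replace(tmp, self.path)

def refresh_access_token(store, endpoint, now):
    resp = endpoint.refresh(store.load(), now)
    store.save(resp["refresh_token"])  # always persist what came back
    return resp["access_token"]

def run_schedule(path, days, persist=True):
    """Refresh on the given days; return the stored token, or None if logged out."""
    endpoint, store = SimulatedTokenEndpoint(), TokenStore(path)
    store.save("rt-0")
    try:
        for d in days:
            if persist:
                refresh_access_token(store, endpoint, d * DAY)
            else:
                endpoint.refresh("rt-0", d * DAY)  # bug: reuses the initial token
    except PermissionError:
        return None
    return store.load()
```

With refreshes on days 5, 10, 18 and 26, the persisting client ends up holding the third rotated token, while the client that keeps replaying the initial token is logged out on day 18.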