Authorization Code Flow Refresh Tokens

Authorization Code Flow Refresh Tokens

jhyde01

I am building an application which requires the refreshing of user Spotify stats (followers, playlists, etc) on a weekly basis. About two months after a user gives my web application access to their Spotify, I begin to get errors regarding the token no longer being valid, and when I attempt to refresh the token am not able to.

 

The documentation states "A new refresh token might be returned too." on https://community.spotify.com/t5/forums/postpage/board-id/Spotify_Developer

 

Under what circumstances will a new refresh token be provided when you refresh a token?

 

Is there anyway around this to always get a new refresh token?

Reply
2 Replies

Peter_Schorn

Because the documentation does not specify when a new refresh token is returned, your app should always check if a new one is returned after you refresh the access token. If a new refresh token is returned then you should replace the old one with the new one in your persistent storage. Are you doing this?

 

Try using the Authorization Code Flow with Proof Key for Code Exchange, which always returns a new refresh token after you refresh the access token.

jhyde01

Yes I am always storing the refresh token if it comes back. I will check out the PKCE way of doing things and see if that works.

Suggested posts