Announcements

Help Wizard

Step 1

NEXT STEP

Refresh token revoked

Refresh token revoked

Avatar of chrishipgrave
Casual Listener
2021-04-19 11:04 AM

I am using PKCE for my web app. When a user tries to perform an action and the access token has expired, I use the refresh token to generate a new access token. If my webapp is idle for over a day, and I try to use the refresh token, I get the following: oken

status: 400

error: 'Refresh token revoked'

 

I cannot see anywhere online which mentions the refresh token automatically getting revoked. Should this happen? Do I need to get the user to re-auth when it does happen?

Labels:
Reply
3 Replies

Avatar of Hubo
Community Legend
2021-04-19 02:41 PM

Hey @chrishipgrave, thanks for your post here!


Hmm, I have taken a look and it seems that this might happen due to the following reasons:

- A refresh token that has been obtained through PKCE can be exchanged for an access token only once, after which it becomes invalid.

- The user revoked this app from their account

Could you let me know if any of these reasons are the case? Keep me in loop!

 

Happy coding,

Hubo

HuboSpotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Avatar of chrishipgrave
Casual Listener
2021-04-19 02:53 PM

Hi @Hubo,

 

Thanks for the reply. It's definitely not the secon point but could be the first. What I am doing is using setTimeout to trigger teh refresh token call after a certain time. Maybe if the user has closed their laptop or something it could cause the setTimeout to not fire. Any thoughts on that?

 

axios.post(`https://accounts.spotify.com/api/token`, params, config)
    .then(response => {
      let access_token = response.data.access_token
      let refresh_token = response.data.refresh_token
      let expires_in = response.data.expires_in
      commit('SET_ACCESS_TOKEN', access_token)
      commit('SET_REFRESH_TOKEN', refresh_token)
      dispatch('initPlayer')

      let now = new Date()
      now.setSeconds(now.getSeconds() + expires_in);
      commit('SET_EXPIRES_AT', now)

      let timeout = (expires_in * 1000) - 10000
      console.log('settimeout')
      setTimeout(() => {
        console.log('timeout triggered')
        dispatch('refreshToken')
      }, timeout)
    })
0 Likes

Avatar of martinweiss
Gig Goer
2024-01-30 04:56 AM

Hi Hubo,

 

I am having the same issue. I want to get a refresh token every so often and use that refresh to get a new access token to get my recently played songs. Do you have any advice? I am using Python. Thanks!

0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 2 years ago in Social & Random
Read more