This is the aspect of our authentication stack that developers struggle with the most. Other platforms tend to be much more permissive about issuing long-lived access tokens, and developers on those platforms rarely see their access tokens expire. RingCentral has many customers that operate in highly regulated industries, so we take security seriously and adhere much more closely to the security best practices advocated by the OAuth community. As a result, our access tokens expire within 24 hours.
When you use an access token that has expired, you will receive this error:
```json
{
  "error": "invalid_grant",
  "errors": [{
    "errorCode": "OAU-210",
    "message": "Token expired"
  }],
  "error_description": "Token expired"
}
```
The immediate and only solution to this problem is to reauthorize the user whose token has expired.
The next question in most developers' minds then becomes: how can I keep this from happening in the future? This is especially true for apps in which processes need to run in the background and for which a user may not always be present to reauthenticate. In these scenarios, having a token expire can be very disruptive because you lose access to a customer's account with no easy and immediate way to engage them to fix the problem.
There are two primary solutions to this dilemma:
1. [Use JWT auth instead][1]. If your app exclusively works in the background, then JWT may be a better choice. Before you jump on this solution, take the time to ensure it is the [best choice for your app][3].
2. [Keep access tokens fresh using refresh tokens][2]. This is a little more involved to be honest, but nine times out of ten is the better, longer-term solution.
[1]: https://developers.ringcentral.com/guide/authentication/jwt/quick-start
[2]: https://developers.ringcentral.com/guide/authentication/session-keep-alive
[3]: https://developers.ringcentral.com/guide/authentication
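A sketch of option 2 for a background process, added here as an example and not RingCentral's own code: it refreshes the access token shortly before it expires and turns a rejected refresh into an explicit "reauthorize" signal. `TokenKeeper`, `refresh_fn`, `REFRESH_MARGIN` and `ReauthorizationRequired` are hypothetical names, and the reply fields (`access_token`, `expires_in`, `refresh_token`, `error`, `error_description`) are assumed to follow the standard OAuth 2.0 token response.

```python
import time

REFRESH_MARGIN = 60  # assumed: refresh this many seconds before expiry


class ReauthorizationRequired(Exception):
    """The refresh grant was rejected; a user has to authorize again."""


class TokenKeeper:
    """Hypothetical helper: holds one token pair and keeps the access token fresh."""

    def __init__(self, tokens, refresh_fn, clock=time.time):
        # refresh_fn(refresh_token) -> dict is an assumed callable that sends the
        # OAuth 2.0 refresh_token grant to the token endpoint and returns the
        # parsed JSON reply, whether it is a success or an error.
        self._refresh_fn = refresh_fn
        self._clock = clock
        self._refresh = None
        self._store(tokens)

    def _store(self, tokens):
        self._access = tokens["access_token"]
        self._expires_at = self._clock() + tokens["expires_in"]
        # Servers may rotate the refresh token; keep the old one if none is sent.
        self._refresh = tokens.get("refresh_token", self._refresh)

    def access_token(self):
        """Return a usable access token, refreshing it shortly before expiry."""
        if self._clock() >= self._expires_at - REFRESH_MARGIN:
            self.refresh()
        return self._access

    def refresh(self):
        reply = self._refresh_fn(self._refresh)
        if "error" in reply:
            # For example the invalid_grant / OAU-210 "Token expired" body shown
            # above: retrying in the background cannot fix it, so surface it.
            raise ReauthorizationRequired(reply.get("error_description", reply["error"]))
        self._store(reply)
```

Persist the stored token pair after every successful refresh so that a restarted process does not fall back to an older refresh token.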