question

Nitesh Giri avatar image
Nitesh Giri asked Nitesh Giri commented

Error: Refresh token has expired Javascript SDK

I have used OAuth 2.0 flow to get access token and refresh token. I would be taking care of managing refresh token by saving it into some persistent storage.

I am calling an endpoint to get all the extensions for account.

const { SDK } = require('@ringcentral/sdk');

const rcsdk = new SDK({
server: 'https://platform.devtest.ringcentral.com/',
clientId: '',
clientSecret: '',

const platform = rcsdk.platform();
const data = await platform.auth().data();
data.token_type = 'bearer';
data.expire_time = 3600;
data.access_token = <access_token>;
data.refresh_token = <refresh_token>;
data.refresh_token_expires_time = 60480
platform.auth().setData(data);
const accounts = await platform.get('/restapi/v1.0/account/accountId/extension');

I get the following error:

Error: Refresh token has expired

If same access token is used in Postman for following endpoint works:

curl --location --request GET 'https://platform.devtest.ringcentral.com/restapi/v1.0/account/accountId/extension' \
--header 'accept: application/json' \
--header 'authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' 


Also, how can I get the refreshed refresh_token if I use platform.refresh() ?

sdk
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Phong Vu avatar image
Phong Vu answered Nitesh Giri commented

Where do you login and why do you need to set the tokens?

const data = await platform.auth().data();
data.token_type = 'bearer';
data.expire_time = 3600;
data.access_token = <access_token>;
data.refresh_token = <refresh_token>;
data.refresh_token_expires_time = 60480
platform.auth().setData(data);

You don't need to call the refresh() method. After login, if the platform instance is persisted, then call

if (await platform.loggedIn()){
  // call platform API
  const accounts = await platform.get('/restapi/v1.0/account/accountId/extension');
}else{
  console.log("Auto-login failed: BOTH TOKEN TOKENS EXPIRED")
  console.log("CAN'T REFRESH: " + e.message)
  // ask user to relogin
}

If the platform is destroyed and you want to save the tokens and reuse it after creating a new platform instance.

var tokenObj = await platform.auth().data()
var tokenStr = JSON.stringgify(tokenObj)
// stringify and safe the token string in a safe place

// then read the token and reuse it
var savedTokenObj = JSON.parse(tokenStr)
platform.auth().setData(tokenObj)
if (await this.platform.loggedIn()){
  // call platform API
  const accounts = await platform.get('/restapi/v1.0/account/accountId/extension');
}else{
  console.log("Auto-login failed: BOTH TOKEN TOKENS EXPIRED")
  console.log("CAN'T REFRESH: " + e.message)
  // ask user to relogin
}

You can implement callback functions to get notified if login, refresh succeeds or fails

platform.on(platform.events.loginSuccess, loginSuccess)
platform.on(platform.events.logoutSuccess, logoutSuccess)
platform.on(platform.events.refreshSuccess, refreshSuccess)
platform.on(platform.events.refreshError, refreshError)

Remember that after refresh successfully, you have to get the new tokens and save it for reuse

3 comments
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Thanks @Phong Vu for your reply.

As far as I know I would need username & password to login to platform. I don't want to login to platform by using credentials. Basically, my client app(3rd party application) would be accessing the Ringcentral user's data authorized through OAuth flow. Is there any way to use SDK without using username & passoword?

Summarising my steps here:

  1. Client application redirects user to Ringcentral page to authorize itself with certain scopes.
  2. User logins in and authorizes application.
  3. After authorization, client app gets access token & refresh token.
  4. Client application makes use of these access tokens to access user's resources(it may refetch access token by refresh token)

I want to implement this client application(nodejs) to use SDK to fetch user's data.

I can use this access token to use APIs to fetch user's data. Can't I use SDK to access these APIs just by access_tokens ?

0 Likes 0 ·

Then check out this quick start to learn about 3-legged authentication. Once you get the tokens, implement the same way to handle refresh token as shown above.


0 Likes 0 ·
0 Likes 0 ·

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys