question

Tony Valenti avatar image
Tony Valenti asked Phong Vu commented

Refresh Tokens - Are they supposed to change?

When calling Refresh(RefreshToken) I expect that a new access token is provided but it looks like a whole new refresh token is being provided too. Is that intentional?

authenticationauth
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anirban avatar image
Anirban answered Phong Vu commented

Yes, if you generate an access token from a refresh token in exchange the refresh token get expired so that no more access token can be generated from that same refresh token.

However, it can be used as long as the access token remains active and get expired once a new access token gets generated.

3 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image Phong Vu ♦♦ commented ·

This is incorrect!

0 Likes 0 ·
Anirban avatar image Anirban Phong Vu ♦♦ commented ·

What is the incorrect thing in this @Phong Vu? If you use a refresh token to generate a new access token, that refresh token get expired. It will generate a new refresh token valid again for 7 days along with access token valid again for 3600 seconds. I am not sure if this is incorrect

0 Likes 0 ·
Phong Vu avatar image Phong Vu ♦♦ Anirban commented ·

My bad about the incorrect message. I got what he asked and you meant now. However, using the word "a refresh token get expired" after refreshing a token is mixing with the situation where the refresh token is expired. The correct statement is that after refreshing an access token, the old refresh token is revoked and a new refresh token with max expiration time is issued.

0 Likes 0 ·
Tony Valenti avatar image
Tony Valenti answered Phong Vu commented

@Anirban Sen Chowdhary -

Is there a type of refresh token that is persistent? One that won't change every time?

I'm trying to avoid concurrent uses of our app stepping on each other's toes when it comes to the refresh token.

1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image Phong Vu ♦♦ commented ·

The answer is no. If your are using password flow and want to share the access token between all users, you have to manage the token refresh process in a way that other users will have access to the latest tokens.

If you are using 3-legged authorization, each user's login will have its own access and refresh tokens.

0 Likes 0 ·
Phong Vu avatar image
Phong Vu answered Phong Vu edited

Every time you use a valid/unexpired refresh token to exchange for a new access token, you will get a new access token and a new refresh token. The new access token will be valid again for 3600 seconds and the new refresh token will be valid again for 7 days. This helps you avoid re-login as long as you handle this well and your refresh token is not expired.

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tony Valenti avatar image
Tony Valenti answered Phong Vu commented

@Phong Vu is there a way to get a new access token without refreshing the refresh token?

1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image Phong Vu ♦♦ commented ·

I already answered above.

The answer is no. If your are using password flow and want to share the access token between all users, you have to manage the token refresh process in a way that other users will have access to the latest tokens.

If you are using 3-legged authorization, each user's login will have its own access and refresh tokens.

0 Likes 0 ·

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys