Getting Refresh token Error

I am using this code…

  	$infusionsoft = new \Infusionsoft\Infusionsoft(array(
		'clientId'     => '',
		'clientSecret' => '',
		'redirectUri'  =>  base_url().'app/infusionSoftAuth',
	));
   
	$sql = "select tokendata from pro_infusionsoft_token";
    $query = $this->db->query($sql);
	$result = $query->result();
	$tokendata = $result[0]->tokendata;


		// If the serialized token is available in the session storage, we tell the SDK
		// to use that token for subsequent requests.

	   $infusionsoft->setToken(unserialize($tokendata));
	   $tokentime = $infusionsoft->isTokenExpired();

		if($tokentime){ 
			$infusionsoft->refreshAccessToken();
    	 }


       return $infusionsoft;

I have saved token in my db like this –
O:18:“Infusionsoft\Token”:4:{s:11:“accessToken”;s:24:“TOKEN”;s:12:“refreshToken”;s:24:“TOKEN”;s:9:“endOfLife”;i:1505579389;s:9:“extraInfo”;a:2:{s:10:“token_type”;s:6:“bearer”;s:5:“scope”;s:27:“full|ha387.infusionsoft.com”;}}


After token expires I got below error —

An uncaught Exception was encountered

Type: Infusionsoft\Http\HttpException

Message: GuzzleHttp\Exception\ClientException: Client error: POST https://api.infusionsoft.com/token resulted in a 400 Bad Request response: {“error”:“invalid_grant”,“error_description”:“Invalid refresh token”} in /mnt/stor1-wc1-dfw1/390675/577427/www.proofcue.com/web/content/proofcue/application/libraries/infusionsoft/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113

Hi @Geek_Tech, while I’m trying to understand the issue, would you take a moment and look at this Github conversation and see if anything discussed there helps?

getting same error but with iSDK.php
{“error”:“invalid_grant”,“error_description”:“Invalid refresh token”}

That most likely means the refresh token was already used. We see people get this when the token refresh is not thread safe.

2 Likes

Yes i figured this out, its working now, thanks

Hi Brad,

Thank you for this insight. It’s given me some helpful direction.

I took over a laravel based app for a friend that is seeing this error. From his discussion, it tends to occur when he’s trying to log into a few accounts at a time in a browsing sessions. This sounds like it would line up with your statement. The original developer stored the token in a table entry and also in the session. API calls are made with the session token. In the event that there is a token expired exception, the call will try and update the token using the refresh token stored in the session.

Two questions for you.

Can you suggestion a “thread safe” approach for dealing with this token in sessions, and storing for later use?
I see that the refresh token method in the php sdk has no handling for this situation. Does it make sense to try and catch this error in my api wrapper, check the database for a difference in token from the session, and then either process an a refresh, or update?

Cheers

If it is still based in Laravel then you can use task scheduling to refresh and store in the database.

https://laravel.com/docs/5.6/scheduling#preventing-task-overlaps

I would then try and catch the token expired exception and grab the new token from the database.

2 Likes

Thanks for the suggestion. So I was stepping over an expired token call this morning with xdebug, and considering when the tokens expire. I see that the api returns a token that has a life of 1 day. So I started at how sessions were set in the app. Currently, the laravel sessions are being stored as files and with a session cookie to track. They expire every 120 minutes, and do not expire with browser close.

This got me thinking that with the current logic, all it would take is for the db token to expire mid day, a few people with existing sessions trying to make calls, and we’d have a slew of errors crop up.

Probably going to check the db token against session before the refresh and then look into the scheduling. Refreshing a one day token over night will be better than the heap of bs going on now.