Using a refresh token does not return a new refresh_token

Question

When I use the Generate and Validate Tokens endpoint with an Authorization Grant Code, the endpoint returns a refresh_token and id_token among other things.

When the id_token expires, I can use the refresh_token to create a new one.

However, when I use the refresh token on this endpoint, it doesn't return a new refresh_token. Why is that?

2.4k

Posted by

davisengeler

Reply

Add a Comment

Answer 1

Hi, did you solve the issue?
I'm getting the same problem... when validating a refreshtoken I get a tokenResponse with accesstoken and without refreshtoken. It seems reasonable except when I try to validate again the same refreshtoken I receive an "invalid_grant" error

Posted by

cristianocucco

Add a Comment

Answer 2

Yeah I'm getting the same issue too. It's frustrating because I looked through and am posting everything as Apple wants:

Code Block  {
grant_type: 'refresh_token',
refresh_token: myRefreshToken,
redirect_uri: myRedirectUri,
client_id: myClientId, 
client_secret: mySecretToken,
}

and it doesn't send back a new refresh_token in its response. And I also tried using the accessToken that's returned in the response and get a 400 error status code. I really don't know what I'm doing wrong if I'm missing something, or if Apple just has an error there.

Posted by

tr-stan

Add a Comment

Answer 3

Because the original refresh token never expires, you can use it over and over until user revokes acces to app or changes password

Posted by

biodi101

Add a Comment

Answer 4

Original refresh token never expires, agreed. But it can be invalidated by making changes to user profile. After such user actions, Apple will return invalid_grant. So far so good. But why is there a throttle limit of one request per day. Moreover access token issued by Apple expires in 3600 seconds.

Posted by

Contoso

Add a Comment

Using a refresh token does not return a new refresh_token

Replies