Hi there,
I have implemented OAuth for my application (using Python) and everything was working fine for several days. However, this morning I received this message in my email:
The "OAuth XXX" third-party integration's access to your Airtable account has been automatically revoked by Airtable due to security concerns around refresh token usage. This sometimes occurs due to misconfigurations of the third-party integration.
To continue using "OAuth testing" you may re-authorize it.
And these are responses I captures when tried to refresh a token (not sure if it's important, but just in case).
The first message I received on my server (when it failed) when I was trying to refresh a token:
{"error":"<!DOCTYPE html>\n\t<html>\n\t <head>\n\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\t\t<meta charset=\"utf-8\">\n\t\t<title>Application Error</title>\n\t\t<sty
le media=\"screen\">\n\t\t html,body,iframe {\n\t\t\tmargin: 0;\n\t\t\tpadding: 0;\n\t\t }\n\t\t html,body {\n\t\t\theight: 100%;\n\t\t\toverflow: hidden;\n\t\t }\n\t\t iframe {\n\t\t\twidth: 100%;\
n\t\t\theight: 100%;\n\t\t\tborder: 0;\n\t\t }\n\t\t</style>\n\t </head>\n\t <body>\n\t\t<iframe src=\"//www.herokucdn.com/error-pages/application-error.html\"></iframe>\n\t </body>\n\t</html>"}
The second message I received on my server (when it failed after the first message):
{"error":"{\"error\":\"invalid_grant\",\"error_description\":\"Invalid token.\"}"}
And I am not sure why it got revoked as it was successfully running for several days. My only concern is I refresh my refresh token every 5 minutes instead of 55-60 minutes. Might these more frequent token refreshes cause this issue? I haven't found anything about rate limiting of those refreshes inside the AirTable OAuth documentation.
