Help

How often should I refresh Oauth Refresh / Access Token?

Topic Labels: API
1152 1
cancel
Showing results for 
Search instead for 
Did you mean: 
Taylor_Facen1
4 - Data Explorer
4 - Data Explorer

Hi, my app Finta is using the new Oauth authentication. Right now, my method is that for every request, check to see if the access token has expired or will expire within the next 10 minutes. If so, request a new access token and then proceed. I'm running into an issue where my app attempts to refresh the user's access token potentially multiple times at the same time. For example, my user might request to see their Airtable bases on the frontend at the same time that a function on the backend performs an action that requires using the user's credentials.

Unfortunately, Airtable revoke's a user's refresh token if it's used more than once 😞

How are other people solving for this? My initial thought is to just create a cron job that runs every 10 minutes that checks to see if any access tokens are expiring soon. If so, refresh. That way, my main application functions won't collide. 

1 Reply 1
Rupert_Hoffsch1
10 - Mercury
10 - Mercury

Hi! Access tokens are valid for 60 minutes, so no need to check every 10 minutes. I'm strictly comparing my stored access token to those 60 minutes and will refresh the token if currentTime > 60 minutes since the token has been issued.

W.r.t. refresh tokens: You just have to make sure to also store the new refresh token which you'll also get back from while refreshing the access token. That way, you never use the same token twice.

Hope that helps!