OAuth2 refresh_token invalid strategy. #1351
According to the documentation, requesting a refresh OAuth token provides a refresh_token that is valid for 90 days. However, my customer reported that many of his shops (nearly 20 shop accounts) experienced issues with my app key being invalid at the same time as my app. I discovered that my app attempted to obtain a new access_token using the refresh_token through the endpoint /v3/public/oauth/token, but it resulted in a 400 BAD REQUEST error with an empty body. My customer mentioned that some of his invalidated shops had granted access for more than 90 days, with one even exceeding a year. This situation became quite problematic when he had to re-authorize his shops. Therefore, I am curious about the specific circumstances under which a refresh token becomes invalid. Additionally, I am concerned whether the refresh_token could become invalid if the API is not used for 24 hours, as I found some information regarding this issue at GitHub Discussion.
Replies: 1 comment 1 reply
Each time you use your access_token, the API provides a new refresh token. Are you continually saving the newest refresh_token each time you make an API request? You should not have issues with your refresh_token after 24 hours of non-use. I do believe some devs have had a few occasions where their token set was invalidated, however this seems rare, and I don’t believe there is any specific known cause.
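The reply's advice to always save the newest refresh_token, sketched as an added example that is not part of the original thread or the API's own code: a per-shop token store that persists the rotated token atomically before the new access token is used, and turns a rejected refresh (such as the 400 in the question) into an explicit re-authorization signal. `RotatingTokenStore`, `post_token` and the JSON file layout are hypothetical; the form and response field names are the standard OAuth2 ones (RFC 6749) and are assumed to match this API.

```python
import json
import os
import tempfile
import threading
import time

class ReauthorizationRequired(Exception):
    """The refresh was rejected; the shop owner has to grant access again."""

class RotatingTokenStore:
    """Keeps one shop's token set in a JSON file (hypothetical layout)."""
    def __init__(self, path, post_token, client_id):
        self.path = path
        self.post_token = post_token  # hypothetical transport: form dict -> (status, json dict)
        self.client_id = client_id
        self._lock = threading.Lock()  # in-process only; use a file or DB lock across workers

    def _save(self, tokens):
        # Write to a temp file, fsync, then rename: a crash never leaves a partial token set.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w") as f:
            json.dump(tokens, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def access_token(self, now=None):
        now = time.time() if now is None else now
        with self._lock:  # serialize refreshes so a rotated-out token is never replayed
            with open(self.path) as f:
                tokens = json.load(f)
            if tokens["expires_at"] - 60 > now:  # still valid, with a 60 s safety margin
                return tokens["access_token"]
            status, body = self.post_token({
                "grant_type": "refresh_token",
                "client_id": self.client_id,
                "refresh_token": tokens["refresh_token"],
            })
            if status != 200:
                # Do not retry with the same token; flag the shop for re-authorization.
                raise ReauthorizationRequired(f"token endpoint returned {status}")
            tokens = {
                "access_token": body["access_token"],
                "refresh_token": body.get("refresh_token", tokens["refresh_token"]),
                "expires_at": now + body["expires_in"],
            }
            self._save(tokens)  # persist BEFORE handing out the new access token
            return tokens["access_token"]
```
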