Skip to main content

It seems like a Zapier doesn’t fully implement the OAuth 2 flow, in regards to updating the refresh token. So the refresh token has to essentially live forever or you have to force customers to periodically update the refresh token?

 

We’re returning the refresh_token in the auth token refresh request as specified in the OAuth standards but Zapier doesn’t actually use the refres_token in a subsequent response. Can anyone confirm if Zapier supports refreshing the refresh token in perhaps some other way without user interaction?

 

   An example successful response:

     HTTP/1.1 200 OK
     Content-Type: application/json;charset=UTF-8
     Cache-Control: no-store
     Pragma: no-cache

     {
       "access_token":"2YotnFZFEjr1zCsicMWpAA",
       "token_type":"example",
       "expires_in":3600,
       "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
       "example_parameter":"example_value"
     }

 

Hi @Code Monkey ,

Zapier supports refreshing the access token in the OAuth flow. If the access token is not being automatically refreshed when it expires, take a look at the refresh token request code and ensure that everything is properly set up. Ensure that the following are set in the request code:

  • The refresh token is being sent in the body of the request (`bundle.authData.refresh_token`)
  • The correct grant_type has been specified
  • The URL/endpoint to refresh the token has been provided and is correct
  • The correct request method is specified

If all these have been confirmed and the issue still persists, then I would suggest that you reach out to our Developer Support team via https://developer.zapier.com/contact so that they can look further into the code.

Hope this helps,


I want to note that the problem described by the original author is still present, and it seems like @Osas misunderstood it.

 

This is the important part “but Zapier doesn’t actually use the refresh_token in a subsequent response.“ Zapier keeps re-using the previously valid refresh_token instead of getting the new one it from the response of auth token refresh request.

 

I also opened a ticket about this issue, it would be great to get it fixed.


Reply