Hey guys,
Hopefully I can get some help on the topic.
Currently we use Authorization Code to generate an Access Token.
We help the client set up a new Connected Application.
In the Flow, we choose Authorization Code.
We set up a new Shared Secret and we set the Redirect URI to be our server.
From our application we store the client's URL, ClientID and Shared Secret and use them as follows.
We then load the following URL on the client side:
https://*CLIENT_URL/identity/connect/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=api offline_access&state=CLIENT_CODE
This redirects the client to the website asking them to authorize.
Once done, the client is redirected to our server and the server will store the following:
access_token
expires_in
refresh_token
When the access token has expired, we then use the stored refresh_token to generate a new access_token like this:
Method: POST
https://*CLIENT_URL/identity/connect/token
Post Data
client_id: CLIENT_ID
client_secret: CLIENT_SECRET
refresh_token: REFRESH_TOKEN
grant_type: refresh_token
This will return back a new access_token, expires_in and refresh_token.
We are finding that clients are receiving the below error at different times. Sometimes it can work for 2 weeks, other times only 3-4 days.
{"error":"invalid_grant"}
Is there something we are doing wrong here, or is there an alternative way to get a new access token without having to repeat the process of having the client re-authorize?
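
An added example, not part of the original post or of the product's own code: one way to implement the refresh step described above so that the refresh_token returned by each call replaces the stored one under a lock, and an invalid_grant answer is surfaced as "re-authorization needed". TokenStore, ReauthorizationRequired, the post transport and FakeTokenEndpoint are hypothetical names; the fake endpoint and its single-use refresh tokens are constructed assumptions.

```python
import threading
import time
from urllib.parse import parse_qsl, urlencode

class ReauthorizationRequired(Exception):
    """Token endpoint answered invalid_grant: the stored refresh_token is unusable."""

class TokenStore:
    """Per-client token state; `post` is a hypothetical transport: form body -> JSON dict."""
    def __init__(self, client_id, client_secret, refresh_token, post, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.refresh_token = refresh_token
        self.access_token, self.expires_at = None, 0.0
        self._post, self._skew = post, skew
        self._lock = threading.Lock()  # only one refresh in flight per client

    def get_access_token(self, now=None):
        now = time.time() if now is None else now
        with self._lock:
            if self.access_token and now < self.expires_at - self._skew:
                return self.access_token  # still valid, no call to the token endpoint
            resp = self._post(urlencode({
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "refresh_token": self.refresh_token,
                "grant_type": "refresh_token",
            }))
            if resp.get("error") == "invalid_grant":
                raise ReauthorizationRequired("client must repeat the authorize step")
            if "error" in resp:
                raise RuntimeError(resp["error"])
            # Replace the stored refresh_token before anything else uses the response.
            self.refresh_token = resp.get("refresh_token", self.refresh_token)
            self.access_token = resp["access_token"]
            self.expires_at = now + int(resp["expires_in"])
            return self.access_token

class FakeTokenEndpoint:
    """Constructed stand-in for /identity/connect/token; single-use tokens are an assumption."""
    def __init__(self, first_refresh_token):
        self.valid, self.count = first_refresh_token, 0

    def __call__(self, body):
        form = dict(parse_qsl(body))
        if form.get("grant_type") != "refresh_token" or form.get("refresh_token") != self.valid:
            return {"error": "invalid_grant"}
        self.count += 1
        self.valid = f"rt-{self.count}"
        return {"access_token": f"at-{self.count}", "expires_in": 3600, "refresh_token": self.valid}
```

In a real deployment the post callable would send the form body to the token URL over HTTPS, and the three stored fields would be written to persistent storage inside the same lock.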