In our application we use the Authorization Code Flow.

Our connected application runs multiples times a day and automatically uses the Refresh Token to receive new Access Tokens, but after 30 days, the Refresh Token is no longer accepted by Acumatica. The message returned by the server when sending the Refresh Token to get a new Access token is:

"error":"invalid_grant"

This logic would have been working for the previous 30 days.

I see that in 2023 R2, on the SM303010 form, there is “Refresh Tokens” section and an option to configure the Refresh Token lifetime (Absolute, Infinite, Sliding).

My question is, in 2023 R1 (and older), where SM303010 does not have the “Refresh Tokens” section, is there a lifetime “policy” implicitly in place for Refresh Tokens?

If there was an implicit Refresh Token absolute lifetime of 30 days (could not be configured) then this would explain to me why our logic to exchange the Refresh Token for a new Access Token would stop  working after 30 days. But if the implicit Refresh Token lifetime is Infinite, then I need to go back to the drawing board.

Any insight would be appreciated, thank you.

Ryan