Hi @bo.zhang,
Thanks for reaching out about this. This can happen for a few different reasons. These are the most common:
-
If a new access token is generated, both the previous access token and refresh token will become invalid. So you will need to update each of these tokens each time you request a new access token.
-
Another situation that can arise is if multiple requests are sent using the same refresh token within a short amount of time, a race condition may prevent all requests from going through successfully. In this case, if you are not able to update the refresh token at your end (this generally happens when you make multiple requests in a short amount of time), a recommended workaround would be to reauthorize the app.
-
If a user uninstalls the app by revoking the authentication, the refresh token will become invalid.
(Keep in mind that access tokens expire after one hour. Once expired, you will have to refresh a user’s access token. The purpose of the refresh token is to request a new access token. Although refresh tokens expire after 15 years, it becomes invalid after it is used to request a new access token. You will receive a new refresh token pair and an access token once you use the old refresh token. You will have to update these old values with new ones. These details are covered here as well.)
Let me know if you think one of these might be the case in your instance.
Thanks!
Will