Hi @systemProc @seanbuffer ,
I learned we don’t use token tolerance mechanism for OAuth apps now.
A refresh token can be used to fetch a new access token and refresh token again and again until it expires after 90 days. The refresh token does not becomes invalid after it is used to fetch a new access token and new refresh token. The refresh token becomes invalid only in these three conditions:
- refresh tokens expired ( after 90 days)
- customer uninstalls the app
- customer reauthorized the app
They checked the 15 day call log for the client id and saw some API calls to fetch a new access token using the refresh token failed because either of the following reasons:
- User has reauthorized but customer made the API call with old refresh token. Since user has reauthorized that old refresh token is revoked or became invalid now.
- Incorrect refresh token value. The refresh token sent in API call doesn’t have valid JSON format.