OAuth2 Refresh Token is Revoked?

[Dave Shawley]

I work on an integration created by AWeber Communications that we transitioned from V2 to V3 a few months ago.  We refresh the OAuth 2 tokens regularly and store both the resulting access & refresh tokens when a refresh occurs.  We have been receiving the following response from the token refresh endpoint:

{
  "error": "invalid_grant",
  "error_description": "refresh_token is revoked"
}

Does anyone know exactly why this happens?  I don't believe that the customer has disconnected the application from within https://www.etsy.com/your/shops/me/integrations/installed but I'm still waiting for confirmation on that.

Do refresh tokens eventually stop working for a specific connection?  We refresh the tokens regularly (several times a day IIRC) so the refresh token is one that was returned from a recent refresh.  I'm starting to wonder if a connected integration can only be refreshed some number of times before requiring the user to explicitly reauthorize the integration.

Any help would be appreciated.  I tried to file an issue with the help.etsy.com but it is unclear whether this would be help selling or help buying.  The issue was ultimately closed without a response :(

Thanks in advance, dave.

--

Dave Shawley

he, him, his | Technical Lead | AWeber Communications, Inc.

[david olick]

I just started investigating this issue as well.

We started receiving these at least a few weeks ago and from what I can currently tell, the user's v2 tokens work perfectly fine.  When trying to convert them to v3 we get a token_revoked error.

If I find out more/better information, I'll update this.

--
You received this message because you are subscribed to the Google Groups "Etsy API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to etsy-api-v2...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/etsy-api-v2/6f2d816c-5e11-44a1-8f56-0208589942dan%40googlegroups.com.

[Amit Shukla]

Hi Dave, 
i'd like to suggest to check V3 git repo for this concern, we are also getting same issue from 15th June. 
https://github.com/etsy/open-api/issues/519
thanks

[Giovanni Alberto]

https://github.com/etsy/open-api/issues/549

Giovanni Alberto García

--

[Ambikesh Kumar Gautam]

Hi Dave Shawley,
You can follow these steps in order to get the token and Refresh token.
Step 1:- You'll need to redirect to the Oauth https://www.etsy.com/oauth/connect?response_type=code&redirect_uri=$redirect_uri&scope=$scopes&client_id=$client_id&state=$verifier&code_challenge=$code_challenge&code_challenge_method=S256 with your all scrops whatever consent you wanna from the seller.
Step 2:- You'll get "State" and "code" ( verifier ).
Step 3:- You'll need to request again for the access token here https://api.etsy.com/v3/public/oauth/token with the following state and verifier.
Step 4:- You'll get an Access token after requesting the above URL.
Step 5:- After getting the Access token you can request the same for the refresh token as well.

I hope these steps will help you to understand refreshing the access token, If you wanna know About refresh tokens and their life-time you can see here https://groups.google.com/g/etsy-api-v2/c/38fvNLESTQI


Thanks

--

[Dave Shawley]

Thank you very much.  We have been receiving the same errors since the middle of June as well.

[Gareth Doherty]

Updates from Etsy are happening here:  [BUG]: Invalid API Key · Issue #561 · etsy/open-api (github.com)