function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Mike McMahonMike McMahon 

how to refresh or revoke access/refresh token, when no refresh token available?

I was working in my sandbox environment trying to figure out the API calls - i had saved my refresh token during my testing but it was lost sometime later during my testing. 

 

Now when I try to hit the API i am receiving: 

 

"expired access/refresh token" 

 

How do I get around this now?  I do not have a refresh token so i cannot make a request to refresh my token, and i'm not sure how to expire / delete / revoke it via the UI so that I can proceed with my testing.  

 

 

my cUrl call is as follows: 

 

 

curl
    --form client_id=3MVG92.u...2KycWe
    --form client_secret=668...930
    --form grant_type=password
    --form username=mike....com
    --form password=*#()@*#$@
  https://test.salesforce.com/services/oauth2/token --proxy 127.0.0.1:3128 --insecure

 

 

 

 

TheIntegratorTheIntegrator

Hi Mike,

 

The session lasts as long as its set in Setup->Administration Setup->Security Controls->Session Settings

 

By default, the timeout value is set to 2 hours. In case you have lost the refresh token, the code needs to re-authorize using response_type, client_id and return redirect_uri.

 

On successfuly authorization, another request with the authorization needs to be sent to the authorization server

https://login.salesforce.com/services/oauth2/token

 

The authorization server then responds with a new refresh_token and access_token among other information.

 

I suggest you go through http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com to understand these flows. Ideally, the code should be able to handle these flows automatically when tokens go missing.

 

Hope this helps.
Seth C.Seth C.

I don't think you really answered his question. I have the same issue. I failed to "take down" the refresh token when it was generated and I have no way of "starting over" because I can't

- request a new token, that fails

- request a refresh, that fails cause I don't have the refresh token

 

Thus the only way I've been able to "start over" is to use the My Personal Options -> Reset Security Token screen. This kind of sucks though because it forces me to use a new security token all around, and any other services I had connected to that token stop working. Wish there was a way to correct this issue using some sort of API / OATH call.