Refresh Token Expiration Timestamp in "Refresh Grants" Request #927

bennobuilder · 2023-03-23T16:40:08Z

bennobuilder
Mar 23, 2023

Hey there,
It would be beneficial if the API response for the "Refresh Grants" API request included the expiration timestamp of the refresh token.

Example from Etsy Docs:

{
    "access_token": "12345678.O1zLuwveeKjpIqCQFfmR-PaMMpBmagH6DljRAkK9qt05OtRKiANJOyZlMx3WQ_o2FdComQGuoiAWy3dxyGI4Ke_76PR",
    "token_type": "Bearer",
    "expires_in": 86400,
    "refresh_token": "12345678.JNGIJtvLmwfDMhlYoOJl8aLR1BWottyHC6yhNcET-eC7RogSR5e1GTIXGrgrelWZalvh3YvvyLfKYYqvymd-u37Sjtx",
    "refresh_token_expires_at": "<some_timestamp>" // <--
}

Why would this be useful for me?
Since Etsy doesn't support the "Client Credentials" Flow, I set the refresh token as an environment variable in my backend app. As the refresh token is only valid for 90 days,
I would like to know (without hardcoding) when it expires to send some sort of notification, so I can create a new refresh token manually. By including the expiration timestamp in the API response, it would allow for better tracking and management of token expiration, ultimately improving the overall user experience.

Thanks :)

PMStanley · 2023-03-23T19:19:07Z

PMStanley
Mar 23, 2023

Any reason why you can't just record the timestamp when you receive the token?

You get a new refresh token whenever you use the current one to get a new access token so you should be rotating them at time of use.

3 replies

bennobuilder Mar 24, 2023
Author

yeah I'm doing that right now.. but as I've received the same refresh token (when building a poc) a while ago, which makes sense as the refresh token is still valid. However, now I'm wondering when this refresh token will expire.
Maybe the best option will be to revoke the access and create a new refresh token. But I couldn't find where I can revoke the access in my etsy settings (and thus get a new refresh token that is valid again for 90 days) or ask for a new refresh token because if I do the code challenge again (while the other refresh token is still valid) I always receive the same (old) refresh token and not a new one. any ideas. thanks :)

bennobuilder Mar 24, 2023
Author

ok anyway it seems like I didn't look close enough as the newly requested refresh tokens are actually different, and thus these new refresh token should life 90 days.. It started with the same number, maybe some app or user id or so.

Ok then I will continue saving the timestamp in an environment variable too.

thanks :)

PMStanley Mar 24, 2023

Yes, it's the user ID of the user the tokens belong to: https://developer.etsy.com/documentation/essentials/authentication

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refresh Token Expiration Timestamp in "Refresh Grants" Request #927

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Refresh Token Expiration Timestamp in "Refresh Grants" Request #927

Uh oh!

Uh oh!

bennobuilder Mar 23, 2023

Replies: 1 comment · 3 replies

Uh oh!

PMStanley Mar 23, 2023

Uh oh!

Uh oh!

bennobuilder Mar 24, 2023 Author

Uh oh!

bennobuilder Mar 24, 2023 Author

Uh oh!

PMStanley Mar 24, 2023

bennobuilder
Mar 23, 2023

Replies: 1 comment 3 replies

PMStanley
Mar 23, 2023

bennobuilder Mar 24, 2023
Author

bennobuilder Mar 24, 2023
Author