I'm facing a issue and I can't figure out how to fixed it.
This month (2021, June) started with a issue, the access token of several clients aren't refreshing, request is getting 400 Bad Request status:
{
"error": "invalid_grant",
"error_description": "expired access/refresh token"
}
I already check this out OAuth 2.0 Refresh Token Flow for Renewed Sessions (https://help.salesforce.com/articleView?id=sf.remoteaccess_oauth_refresh_token_flow.htm&type=5) and everything is as it is specified. I have also tried with this Postman Collection (https://www.postman.com/salesforce-developers/workspace/salesforce-developers/folder/12721794-6e2703c1-faa6-4898-a839-dd234c0be8c9?ctx=documentation) (Salesforce APIs > Auth > Refresh Token), just to check in case the backend's implementation was wrong, and I'm still getting the same error.
A couple days ago (when the issue was affecting only one client) I was digging down and found this [question][1] and this [note][2] in the docs, in where they say that "the default limit is five access tokens for each application" and "each connected app allows five unique approvals per user. After a fifth approval is made, the oldest approval is revoked". So, I supposed that the user was tried to refresh a invalid token because currently he hitting the five allows tokens, but now, more and more clients are having the same issue so there's no make sense, is not a single user problem, or perhaps, those clients reached the five allowed tokens?
Since I tried with the postman collection, I was wondering if it is possible that the costumer key and costumer secret have some type of expiration, and if yes, how can I validate that?
I really appreciate any help that you can give me, because I don't know what to do or expect. Hope you guys can tell me what is going on. Regards.
[1]: Connected App - avoiding a limit on a number of issued tokens + token expiration) [2]: https://help.salesforce.com/articleView?id=sf.remoteaccess_request_manage.htm&type=5
