Problem Statement
A user could not retrieve an Access Token with their Refresh Token. The Refresh Token appears to have expired before its configured lifetime, or even though no expiration was configured at all. Refresh Token Rotation is not enabled, and no security breach is involved.
Troubleshooting
- Check the application's Refresh Token (RT) configuration
- Check the logs related to that user
- Check the logs for failed exchanges and resource cleanups
Cause
The number of Refresh Tokens stored for the user is reaching the maximum allowed in our DB (currently: 200). Once this limit is exceeded, our server erases the oldest tokens, so a Refresh Token that was still within its lifetime stops working.
Solution
If you want to keep using older tokens, your application must detect this error and retry (for example by obtaining a new Refresh Token). Alternatively, change your Refresh Token configuration: enabling Rotation and setting lifetime values works better and is safer.
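As an added illustration (not part of the original article), the following Python simulation reproduces the cause and the detect-and-retry solution: a toy token store that erases the oldest Refresh Token once a user exceeds the 200 cap, and a client helper that re-authenticates when the refresh fails. The store itself, the per-user scope of the cap, the `reauth` callback and the use of `invalid_grant` (the standard OAuth 2.0 token-endpoint error for an invalid refresh token) are assumptions made for the example.

```python
import secrets
from collections import OrderedDict

MAX_RT_PER_USER = 200  # the cap stated in the article; assumed to apply per user and application

class TokenStore:  # toy server-side store; past the cap, the oldest tokens are erased
    def __init__(self, rotation: bool = False) -> None:
        self.rotation = rotation
        self.tokens = {}  # user -> OrderedDict of refresh tokens, oldest first

    def issue(self, user: str) -> str:
        """Store a new refresh token for the user (e.g. after each login)."""
        rt = secrets.token_urlsafe(16)
        bucket = self.tokens.setdefault(user, OrderedDict())
        bucket[rt] = None
        while len(bucket) > MAX_RT_PER_USER:
            bucket.popitem(last=False)  # accumulation past the cap erases the oldest token
        return rt

    def refresh(self, user: str, rt: str) -> dict:
        """Exchange a refresh token; an evicted token fails with RFC 6749's invalid_grant."""
        bucket = self.tokens.get(user, OrderedDict())
        if rt not in bucket:
            return {"error": "invalid_grant"}
        if self.rotation:
            del bucket[rt]         # one-time use: the presented token is revoked ...
            rt = self.issue(user)  # ... and replaced, so refreshing never grows the store
        return {"access_token": secrets.token_urlsafe(16), "refresh_token": rt}

def get_access_token(store: TokenStore, user: str, rt: str, reauth) -> tuple:
    """Client side: refresh; on invalid_grant re-authenticate and retry once."""
    resp = store.refresh(user, rt)
    recovered = False
    if resp.get("error") == "invalid_grant":
        rt = reauth(user)  # hypothetical callback: send the user through login again
        resp = store.refresh(user, rt)
        recovered = True
    if "error" in resp:
        raise RuntimeError(f"refresh failed after re-authentication: {resp['error']}")
    return resp["access_token"], resp["refresh_token"], recovered  # keep the returned RT

def demo(rotation: bool) -> tuple:
    """Constructed scenario: one RT, then 200 more logins for the same user."""
    store = TokenStore(rotation)
    first = store.issue("alice")
    for _ in range(MAX_RT_PER_USER):
        store.issue("alice")
    _, kept_rt, recovered = get_access_token(store, "alice", first, store.issue)
    _, rt2, _ = get_access_token(store, "alice", kept_rt, store.issue)
    return len(store.tokens["alice"]), recovered, rt2 != kept_rt
```

`demo(False)` shows the first token being rejected after 200 further logins and the client recovering by re-authenticating; `demo(True)` shows that with Rotation every refresh replaces the presented token instead of adding to the store.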