5

For Stack Overflow Extras (SOX), a few users and myself have seen our access tokens being invalidated very often without any apparent reason.

We aren't requesting new tokens (which would invalidate the previous tokens automatically) and aren't manually revoking them either.

Is there any reason why these are being invalidated themselves?

Also, is there a way to get multiple access tokens for the same application? Currently, I'm allowing users to paste in access tokens from computers they have the userscript installed on so they only request one.

I can't think of any reason why it should happen. Is this a known bug? Or am I doing something stupid?

6
  • I upvoted because I think I sometimes see a similar problem (and this may all be related to how SEDE loses your login "every other visit"). But this technically should be closed for lack of an MCVE. ;) Commented Jan 1, 2017 at 18:24
  • @BrockAdams lol I genuinely was thinking of adding one but it's impossible :P looks like it is a bug then, but there isn't any real way for us to debug this is there? can we access data on our application's token's? as in, can we see a history of users requesting tokens or something? that would help I think Commented Jan 1, 2017 at 18:26
  • It galls me that API posts are there, but I wouldn't blame you one bit for posting both places. As you said, API stuff gets much more love on MetaSE. Also, your stats are at stackapps.com/apps/oauth . Then click your app listing. Then click the "Authentication Statistics" link in the righthand column. Commented Jan 1, 2017 at 18:31
  • @BrockAdams I'll post there tomorrow, I think I should give it at least a day! :P now that's weird, the stats link shows me that the 'app removed user' is always 0, which suggests it's never auto-invalidated, which seems wrong :/ Commented Jan 1, 2017 at 18:46
  • @BrockAdams sorry, this was entirely my fault. The problem was that I was getting the default expiry of 24 hours which meant users needed to get a new access token every day. Getting a no_expiry token seems to have fixed it. No bug here. Could it be you had the same problem when you faced this issue in the past? :/ Commented Jan 2, 2017 at 18:52
  • Hmmm that's weird then :/ I guess it's worth just keeping it in the back of your mind in case it pops up again... Commented Jan 2, 2017 at 19:30

1 Answer 1

3

Turns out this is completely my fault :/

I overlooked the expiry aspect of the access token which meant that I got the default 86399 seconds (~24 hours), which meant my users had to get a new access token every day.

Because this is a userscript which is used daily, it makes sense to have a no_expiry scope so that the user doesn't have to repeatedly authorize the application.

If anybody else faces this problem: check your expiry!!

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .