Timeouts on OAuth refresh token but access token still works

Hi, I am updating my access token every 29 hours, but recently noticed that it never seems to change. Tracking my OAuth function, I see time-outs on every post message, yet my old, presumably expired access tokens still work. So what’s wrong?

Hi @renepeeren, could you please tell me what kind of integration are you working with? Or are you referring to the Personal Access Token? Thanks.

Hi Ivan, I don’t think we use PATs. The reason why I am not certain is that a colleague worked on this before but left us, and I am trying to take over, still learning. I don’t have access to his account yet (which is another problem I have to solve) but in our AWS application we have refresh tokens and access tokens stored for each hub, and the application sends a request for a new token every 23 hours. So at one stage we used refresh tokens. I think there may be an option in OAuth not to use refresh tokens (true?), maybe he set that up before he left. I think it is unlikely that he set up PATs as I understand it he would have to have done that separately for all hubs we have connected to the system but as said, until I have access to his account (where presumably I can see such things) I can’t be certain. Any help greatly appreciated, although it doesn’t cause problems yet I.am slightly concerned it might at any time, and I’m not sure how long it will take me to get access to his account!

Hi, it says this post thread has been solved? Anyway, I understand now why I am still getting data (because we have not used any request yet that requires an access token) but still not why we get timeouts on the request for a new access token. I managed to get access to the Smartthings developer workspace for the relevant account (by temporary re-creating the original e-mail address and then changing it in the profile to my address). This reply is sent from that account. I went into “External Applications” (I think that is what is meant by “integration?”), I can see the App ID and Client ID and verified that that we indeed use those to get the refresh token. The address we send it to is https://auth-global.api.smartthings.com/oauth/token . Client Secret is not visible so maybe that was changed, although in that case I imagine we would still get a response, whereas we are getting a time-out. So, I suspect it does use refresh tokens and that clearly now the access and refresh tokens I have have expired but I can’t find in the workspace where I can check that, or how I can restart the process. Any help please?

Tagging @AlejandroPadilla : possible connection error

Hi @renepeeren, you can take a look into this documentation for getting information about your OAuth integrations.

Thanks Ivan, that may come in handy. I will first check all the settings in my environment, there may be a security setting or something that might not have been set up properly (although it used to work and I have not changed anything), but I first have to familiarise myself a bit more with that part of AWS. I will post here how I am getting on. From Refresh Tokens - OAuth 2.0 Simplified I understand that once the comms are working again, then given that the refresh tokens have expired, I will have to uninstall and re-install the app again for all users, there is no shortcut?

Hi @renepeeren, actually that question I’m not able to answer because is out of our scope. But, anything else feel free to ask.

Hi,
There were some errors in my AWS Lambda configuration that I have now fixed. But my refresh requests produces errors. I tried to send the request to https://auth-global.api.smartthings.com, https://auth-global.api.smartthings.com/oauth/token, as well as Samsung account, which was the one originally used to get the first access token. On Samsung account I get status code 404 (Not found), I think ST is no longer using that url? I get 302 (found, but temporarily moved) on curl. On the other URLs I get AxiosError: getaddrinfo ENOTFOUND oauth-direct.stinternal.net. It appears as if the response is from a redirect to an address that cannot be found, and indeed I checked it and it does not seem to exist. No such error with curl: it produces 401 i.e. not authorized, but I’m not sure how to interpret that: it could mean that the refresh token has expired, which is extremely likely (I regenerated the client secret just to make sure that that wasn’t the reason), but it also generates this if I do not encode the fields (base64, urlencode).

This is the js code to create the message:

let data = new URLSearchParams({
‘grant_type’: ‘refresh_token’,
‘refresh_token’: item.refresh_token
}).toString()

    // combine the data 
    let message = {
        method: 'post',
          url: 'https://auth-global.api.smartthings.com/oauth/token',

// url: ‘https://api.smartthings.com/v1/oauth/token’,
// url: ‘https://auth-global.api.smartthings.com’,
headers: {
Authorization: 'Basic ’ + btoa(process.env.CLIENT_ID) + ‘:’ + btoa(process.env.CLIENT_SECRET),
‘Content-Type’: ‘application/x-www-form-urlencoded’
},
data : encodeURIComponent(data)
};

This is what the error log tells me about the message that was sent:
headers: Object [AxiosHeaders] {
Accept: ‘application/json, text/plain, /’,
‘Content-Type’: ‘application/x-www-form-urlencoded’,
Authorization: ‘Basic XXX:YYY’,
‘User-Agent’: ‘axios/1.6.2’,
‘Content-Length’: ‘81’,
‘Accept-Encoding’: ‘gzip, compress, deflate, br’
},
method: ‘post’,
url: ‘https://auth-global.api.smartthings.com/oauth/token’,
data: ‘grant_type%3Drefresh_token%26refresh_token%3Dd32e2874-a84f-400d-ad16-5d1ec40cfbb5’

This is the curl:
curl -X POST https://auth-global.api.smartthings.com/oauth/token --header “Authorization: Basic XXX:YYY” --header “Content-Type: application/x-www-form-urlencoded” --data-urlencode “grant_type=refresh_token” --data-urlencode “refresh_token=d32e2874-a84f-400d-ad16-5d1ec40cfbb5” -w “Code: %{response_code}\n”

Note that I use the refresh code of one of our registered users and for whom we are receiving data. Our application appears as a “linked service” on their app, but the API documentation only refers to “Service” or “Connected Service”, neither of which shows on the mobile app. It shows as external application in my workspace. Users are not visible in my workspace (why not?) and the refresh tokens of all our users have almost certainly expired. My first priority is to make sure that I can actually send a a valid refresh i.e. get rid of the error on oauth-direct.stinternal.net that seems to originate from smartthings.

Any help greatly appreciated,