refresh_token flow always returns expired access/refresh token

I’m trying to get the refresh_token flow working to obtain a new access token but I always get this error:

{"error_description":"expired access/refresh token","error":"invalid_grant"}

I’m authenticating with “refresh_token api” as my scope using the web server flow with salesforce. As I’ve seen in other posts, I’ve made sure my application is configured to allow users to reuse the app without being forced to log in again. My CURL command to request the new token looks like this:

curl -v -X POST -d "grant_type=refresh_token&refresh_token=$refresh_token=&client_id=$client_id&client_secret=$client_secret"

with the correct strings interpolated of course. Any ideas what I might be doing wrong>


I noticed that you have “” hardcoded. As Phil mentioned in his comment, you should verify that this is the correct endpoint for the token you are using. For production, you should use “” so you may need logic to switch this as needed.

Additionally, you should check the values of the variables being used and the final output string to see if there is a URL encoding issue. For example, the additional “=” in your parameter string after “$refresh_token” will likely cause an issue:

curl -v -X POST -d “grant_type=refresh_token&refresh_token=$refresh_token=&client_id=$client_id&client_secret=$client_secret”

Source : Link , Question Author : sbilstein , Answer Author : vscuorzo

Leave a Comment