Expiry of OAuth refresh tokens
Our authentication system no longer allows refresh tokens with an indefinite lifetime. They now expire after 90 days. Depending on the OAuth grant that you are using, there might be specific changes to your implementation that you must make.
If you use a resource owner password credentials grant
If your integration is created using the resource owner password credentials grant, no changes are required.
If you use a refresh token grant with C# Web SDK
If your integration is created using the refresh token grant, then changes might be required if the refresh token is never updated.
When a refresh token expires, your integration should automatically request a new one from the authentication server. If an expired refresh token is provided, Content Hub will return a HTTP 401 error, so you need to update your integration to securely store and manage refresh tokens, ensuring they are not exposed to unauthorized access.
If you use a refresh token grant without C# Web SDK
If your integration is created without using the C# Web SDK but it does use the refresh token grant, you must update the initial refresh token with the new refresh token returned in a successful token response.