Page 1 of 1

Restriction on getting new refresh token while getting access token

Posted: Tue Feb 06, 2018 6:28 am
by arockiajerald
The access token expired we make the API to bullhorn for getting new access token with old refresh token .This time bullhorn return new access token with new refresh token (as per bullhorn OAuth documentation).Is there any way to avoid getting a new refresh token? (that means my old refresh token remain active)

Re: Restriction on getting new refresh token while getting access token

Posted: Tue Feb 06, 2018 1:39 pm
by rmunro
Hi Jerald,

You would have to use the new refresh token that is provided with the response as the old refresh token will not remain active after a new token has been granted.

Regards,

Re: Restriction on getting new refresh token while getting access token

Posted: Tue Feb 20, 2018 2:50 am
by arockiajerald
For the concurrent API(parallel api calls ) call i am facing refresh token invalidated issue .How to fix this ?

Re: Restriction on getting new refresh token while getting access token

Posted: Wed Feb 21, 2018 4:58 pm
by ColinC
Hi Jerald,

Only one refresh token can be valid at a time. As soon as a refresh token is used it generates a new refresh token with a login.

Kind regards,
Colin

Re: Restriction on getting new refresh token while getting access token

Posted: Mon Mar 19, 2018 5:29 pm
by DaveNorthCreek
This has been thought about before on this forum. The solutions were
1) to have multiple simultaneous logins with all of that overhead, so each process maintains its own connection to Bullhorn, or
2) to have a singleton that supplies the Bullhorn Rest Token to all processes. On any process (client) getting a token expiry, the process makes a blocking call to the singleton to get a new BhRestToken. All other clients will expire on their next call to Bullhorn, so they will need to ask for a new BhRestToken as well, but since the first process initiated a refresh, the token they get will be current.

So you have to make sure that the singleton blocks all Bullhorn calls while doing the refresh. I would do that by making the clients ask for the BhRestToken on every call (don't cache it) and then if a refresh is needed, make them wait until the refresh returns to get the BhRestToken.

Implementation of that is language- and server-specific, but hopefully that helps.

Dave Block
North Creek Consulting, Inc.
https://northcreek.ca