[SalesForce] Marketing Cloud oAuth and Refresh token issues (RefreshToken Expires after first use)

Ok.There are questions about this but no answers. I am finding with ExactTarget the refreshToken expires when it is used (Which then I see no reason to use it at all since we would be using clientId and secret anyway).

My understanding of a refresh token is that it is a long term token that is used to obtain an Access Token when the access token has expired.

With salesforce I never have to request a new Refresh Token unless it was revoked.

Now,

I am doing an oAuth process with ExactTarget Marketing Cloud and the following is what I have Observed:

  1. Request Access Token type = 'Offline' Results in receiving an Access and Refresh Token
  2. When Access token Expires, using Refresh Token from #1 and no access type I receive a new access token

Here is where the issue occurs

It seems after #2 the refresh token is revoked as subsequent attempts to use it to get a new access token result in a 401 Unauthorized Error

They only way around this that I have found is to set the access type to 'offline' when using the refresh token to get a new access token. This results is receiving both a new Access and Refresh Token.

Q Is there a way to request a new Access Token using the Refresh token that does not cause the refresh token to expire? Should I just drop attempting to use a refresh token since it is of essentially no value if the above is true?

Am I thinking of this all wrong?

As for code, it all works fine, so more of a process question and validation that what I am seeing is correct before I go through the nightmare of contacting support.

I see no documentation as to the values for access type so for the record I have tried 'refreshToken' in step 2.

Endpoint being used is: https://auth.exacttargetapis.com/v1/requestToken

This can be replicated with your favorite REST Client by:

  1. Using ClientID and Client Secret and Offline Access type to get Access Token and Refresh Token
  2. Use Refresh Token to get New Access Token with no accessType set
  3. Repeat #2 with same refresh token and you will get 401 – Unauthorized

Best Answer

After speaking with someone at Salesforce they have confirmed that the refresh token is a one time use refresh token.

So to reduce code complexity I guess I will just have to drop the whole refresh token bit and just request an access token every time the access token expires. I do not see the point in a one time refresh token.