[SalesForce] REST API access_token is invalid

Making a small application in PHP for a project, I have to ask users to authenticate to the application using their SalesForce account.

I redirect them to the login page, with the correct client_id, and the callback is triggered correctly. I get the code, and do an API call to get the access_code.

On the first run, it works well: the user gets prompted to log in, and the token request provides me a valid access_code. But after a few hours, if the user reconnects using the button "log in with SalesForce", it gets me the same access_token as before, which is now invalid, triggering the following error while trying to access any API data:

[
  {
    "message": "Session expired or invalid",
    "errorCode": "INVALID_SESSION_ID"
  }
]

The token request outputs something like this:

{
    "access_token": "00D0Y00...!ARU...PL03x",
    "signature": "aQuiteWellEncodedString=",
    "scope": "full",
    "id_token": "very-long-id-token",
    "instance_url": "https://eu11.salesforce.com",
    "id": "https://login.salesforce.com/id/00D0Y000something/0050Y0000something",
    "token_type": "Bearer",
    "issued_at": "1481640159252"
}

The thing is, the connected app is set to a 30m session expiry, yet the token sent after even 2 or 3 hours is still the same.

Whereas when I use a new access_token (from another connected app, freshly made) with the same request (except for the Authorization header, changed to suit the new one), it works just fine.

The connected app is set to Full Access, and the dummy call is sent as a GET, to

https://eu11.salesforce.com/services/data/v38.0/sobjects/Account/describe

The calls have been tested from cURL request, Postman (Chrome extension) and directly from Application code, with the same result.

Best Answer

Maybe try to refresh the token since the token does have an expiration. I think 120 min.

https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_refresh_token_oauth.htm

I'm new to Salesforce but had just used Postman to test a connected app also. I kept getting this same error until I requested a new token and passed that in the new post.
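
The refresh flow suggested in the answer, as an added PHP example that is not part of the original question or answer: it retries a REST call once after an `INVALID_SESSION_ID` response by exchanging the stored refresh token for a new access token. It assumes the original authorization requested the `refresh_token` scope so that a `refresh_token` was returned and stored server-side; the function names and the `$tokens` array layout are hypothetical.

```php
<?php
// Added example. Function names and the $tokens layout are hypothetical.
// Keep client_secret and refresh_token on the server; never send them to the browser.
const SF_TOKEN_URL = 'https://login.salesforce.com/services/oauth2/token';

function sfHttp(string $method, string $url, array $headers = [], ?array $form = null): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_CUSTOMREQUEST  => $method,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_TIMEOUT        => 15,
    ]);
    if ($form !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($form));
    }
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    return [$status, json_decode((string) $body, true)];
}

function sfRefresh(array $tokens, string $clientId, string $clientSecret): array
{
    [$status, $json] = sfHttp('POST', SF_TOKEN_URL, [], [
        'grant_type'    => 'refresh_token',
        'client_id'     => $clientId,
        'client_secret' => $clientSecret,
        'refresh_token' => $tokens['refresh_token'],
    ]);
    if ($status !== 200 || empty($json['access_token'])) {
        // Refresh token revoked or expired: send the user through login again.
        throw new RuntimeException('refresh failed: ' . ($json['error'] ?? $status));
    }
    // array_merge keeps the stored refresh_token when the response omits it.
    return array_merge($tokens, $json);
}

function sfGet(string $path, array &$tokens, string $clientId, string $clientSecret): array
{
    for ($attempt = 0; ; $attempt++) {
        [$status, $json] = sfHttp('GET', $tokens['instance_url'] . $path,
            ['Authorization: Bearer ' . $tokens['access_token']]);
        $expired = $status === 401 && ($json[0]['errorCode'] ?? '') === 'INVALID_SESSION_ID';
        if (!$expired || $attempt === 1) {
            return [$status, $json]; // success, other error, or still invalid after one refresh
        }
        $tokens = sfRefresh($tokens, $clientId, $clientSecret);
    }
}
```

Calling `sfGet('/services/data/v38.0/sobjects/Account/describe', $tokens, $clientId, $clientSecret)` updates `$tokens` in place when a refresh happens, so the caller should persist the new values afterwards.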