I'm trying to exchange an authorization code for an access token and I'm getting a weird error about missing a "redirect_url" (which I thought was not even necessary for this part of the flow)
response: 200 {"error":{"code":400,"error":"invalid_request","error_description":"redirect_uri not specified","message":"invalid_request","details":[]}}
also, how long to the refresh_tokens last? can the original auth code be used to get a new refresh_token if it expires? (generally with other APIs they don't but in the docs they say it lasts about two weeks)
I'm starting to see Refresh Tokens expiring. This is what is described in the docs but, as patrick explained above, this should not happen. If this is the intended flow, how are we suppose to get a new refresh token? I've never seen another OAuth2 api that expired it's refresh tokens...
fwiw, do calls to refresh the access token sometimes return different refresh_tokens?
relevant section (no mention on how to get a new refresh token): "The refresh token can be used to obtain subsequent access tokens. Access tokens are short-lived. The app can get a new access_token by using the refresh_token obtained above. The lifetime of the refresh token that is returned by this call is controllable by the app. The default expiry time for the refresh token returned by this flow is two weeks. Using this flow, you can request a refresh token that is valid for a longer period by passing an expiration (in minutes) parameter during authorization. The refresh token that is returned may be valid for a shorter period than requested based on the maximum expiry time set by the user's organization or the platform."