Blog

Tips and Tricks: Refreshing An Access Token

Over the last few months we've received great feedback from our developer community in regards to our platform updates in August. As part of these updates, we've standardized the lifespan of our access tokens to 60 days. Many developers have asked how they can seamlessly extend the life of the access token without needing the user to authenticate again. As long as the user is logged into LinkedIn and their current access token hasn't expired, you can fetch an access token with a 60 day lifespan the next time the user comes to your application.

Steps to Refresh Access Token

Since the user is already authenticated on LinkedIn and has already authorized your application, we'll return an access token with a refreshed 60 day life span seamlessly without forcing the user to login again

Now you have an access token that will live for an additional 60 days. When we return an access token, we also include an oauth_expires_in parameter. This parameter is simply the value of seconds in which the token will expire in.

Example of the access token response, including the oauth_expires_in parameter:

1
2
3
@params={:"oauth_token"=>"XXXXXXXXXXX", 
:oauth_token_secret=>"XXXXXXXXXXX", 
:oauth_expires_in=>"5184000"}

When the user first comes to your application, you can determine whether their token is close to becoming expired or not. Since refreshing a token will give you 60 days, it's unnecessary to refresh more than once during a user's session in your app. One economical approach would be to check the user's access token's expiration each time they use your application. If it's close to becoming expired, your app can go through the refresh steps. Otherwise, continue to use their existing access token.

For a more in-depth dive, check out our Authentication documentation. And as always, feel free to jump into the disucssions with other developers on our developer forums

-- Kamyar Mohager