Access code expiring

Access code expiring spontaneously and not allowing the Refresh to work.
For example, the following key 3gTZQUkmbZ9pX96tuyJyG4X4o4UMpvAC suddenly stopped working without the refresh working as well.
It's a recurring issue. Could you please look into this key and investigate the results?

Thank you.
  • MarkK (API Architect) July 08, 2014 20:46
    Sounds like you might not be using your tokens properly.

    Access tokens expire after 1 hour, and you must use the matching refresh you received with your access token to refresh it. After you refresh, you receive your new access and refresh token. Using the access token immediately expires the previous refresh token.

    Sounds like you are holding onto the old refresh token rather than the new, and using it in an attempt to refresh.

    Please read https://www.ecobee.com/home/developer...

  • Mark:

    We are following the exact mechanization that is being described in the documentation. The issue does not appear until a few days later, so obviously the mechanization is working initially but fails at a later stage.
    Could you please review the logs of the access code I've provided you with?

    Thanks,

  • MarkK (API Architect) July 08, 2014 21:14
    Hi,

    I took a look at the logs. I see you making requests using that token, but nowhere do I see that you attempted to refresh it. At 2014-07-08 06:09:40 (UTC) I see you started getting the token expired error. At no time after that do I see an attempt at token refresh using the matching refresh token.

    I am not posting the refresh token here because it is still valid till next year, meaning it was not refreshed yet, as it would be expiring in 14 days if it was. This tells me you never attempted to refresh it.

    Do you have a failed refresh message in your logs? What token did you use to attempt the refresh with? You can email it to developer.....a.. t.... ecobee..... com.

  • Mark:

    Do you know if there is a limit on how many requests can come to the server? We believe the issue might be the server blocking the IP address of the device, since it has many thermostats that are being queried using the same key.

    Please advise,

  • MarkK (API Architect) July 09, 2014 15:12
    Hi,

    We do not block IPs on our end automatically. I've been looking through the logs, not only yours but in general as well, and noticed a couple of things:

    There was a patch pushed on Monday, July 7th which addressed an infrequent database connection issue we had. Prior to Monday, I noticed we had a few such errors occur during token refresh, though I see no such incidents since the patch. This may account for your loss of tokens and your failure to refresh occasionally.

    I think your refresh logic might need to be augmented. You should retry refreshing a token unless you get the "invalid client" error. If you get any error other than that, you should retry a few times. This may be a timeout, or some other intermittent issue. I would say try 3-5 times, then give up and drop the tokens to re-authorize again. This will make your app more robust and resistant to the tyranny of the network and server load.

    The other thing I noticed is how you use the API and how it can be improved.

    1) I see your app is making a single thermostatSummary call per thermostat for each thermostat a user has. You make 3 thermostatSummary calls for a single user who has 3 thermostats. You can ask for all 3 in a single thermostatSummary call and should, as it affects your request quotas.

    2) You obtain separate tokens for each thermostat you are operating on. I see the same user's requests coming in with a different access token for each thermostat. Again, this causes 3 requests where you could be making one, not including the refresh requests as well. It also means your user must authorize every single thermostat, which is 3 authorizations when setting up your app. You can simplify this and reduce the number of calls at the same time.

    Let us know if you continue having token refresh issues going forward.
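
The refresh handling discussed in this thread (always keep the newest refresh token, retry transient failures a few times, stop at once on "invalid client", then drop the tokens and re-authorize) can be sketched as follows. This is an added example, not code from the thread or from ecobee: `post_refresh` is a hypothetical callable standing in for the HTTP call to the token endpoint, and `invalid_client` is the OAuth 2.0 error code assumed to correspond to the "invalid client" error named above.

```python
import hashlib
import time


class ReauthorizationRequired(Exception):
    """Tokens were dropped; the user has to authorize the app again."""


def fingerprint(token):
    # Safe to write to logs: identifies a token without revealing it.
    return hashlib.sha256(token.encode()).hexdigest()[:8]


class TokenManager:
    def __init__(self, access_token, refresh_token, post_refresh,
                 max_attempts=4, sleep=time.sleep):
        self.access_token = access_token
        self.refresh_token = refresh_token
        self.post_refresh = post_refresh  # hypothetical transport callable
        self.max_attempts = max_attempts  # the thread suggests 3-5 tries
        self.sleep = sleep
        self.log = []                     # (refresh-token fingerprint, outcome)

    def refresh(self):
        for attempt in range(1, self.max_attempts + 1):
            used = self.refresh_token
            try:
                reply = self.post_refresh(used)
            except OSError as exc:        # timeouts, resets, DNS failures
                reply = {"error": type(exc).__name__}
            if "access_token" in reply and "refresh_token" in reply:
                # Replace BOTH tokens together: the old refresh token is
                # superseded and must never be sent again.
                self.access_token = reply["access_token"]
                self.refresh_token = reply["refresh_token"]
                self.log.append((fingerprint(used), "ok"))
                return self.access_token
            error = reply.get("error", "malformed_reply")
            self.log.append((fingerprint(used), error))
            if error == "invalid_client":  # not retryable per the thread
                break
            if attempt < self.max_attempts:
                self.sleep(min(2 ** attempt, 30))  # back off before retrying
        self.access_token = self.refresh_token = None
        raise ReauthorizationRequired("refresh failed; authorize again")
```

The `log` entries record which refresh token was used for each attempt by fingerprint only, which gives the "failed refresh message" asked for above without putting a live token into logs or a support post.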