If clients of TrueLayer send too many requests for a token refresh within a short amount of time (same second, for example), this creates a concurrency issue and the most recent and valid bank refresh_token
gets lost.
Although TrueLayer refresh_tokens
are stable and don’t change (only our access_token
does), we perform a similar token refresh with the provider (bank).
Usually, providers’ refresh_tokens
change after every request. This means that only the latest access_token
and refresh_token
is valid. TrueLayer clients and users don’t have to worry about this as they do not receive these tokens directly.
Solution
Consider refreshing tokens only before a request for data and only once.
If your users are affected by this, please ask them to reconnect.
Comments
0 comments
Please sign in to leave a comment.