If clients of TrueLayer send too many requests for a token refresh within a short amount of time (same second, for example), this creates a concurrency issue and the most recent and valid bank refresh_token gets lost.
Although TrueLayer refresh_tokens are stable and don’t change (only our access_token does), we perform a similar token refresh with the provider (bank).
Usually, providers’ refresh_tokens change after every request. This means that only the latest access_token and refresh_token is valid. TrueLayer clients and users don’t have to worry about this as they do not receive these tokens directly.
Solution
Consider refreshing tokens only before a request for data and only once.
If your users are affected by this, please ask them to reconnect.
Comments
0 comments
Please sign in to leave a comment.