Oauth Refresh Token and Session/IM Token

As per the documentation, one must use session keep-alive to keep the session active. So we do that 5 minutes before the expiry.

In parallel, the Oauth token's validity is also an hour and we do a refresh of the oauth token 5 minutes before the expiry. Whenever we refresh oauth token, and we call session keep alive it fails with status code 400, until we create a new session.

Does it mean that whenever you refresh a oauth token, we also need to create a new session? Or those two are unrelated.

Another question is whenever we create a new session, the comet notification api sends a disconnect message for the previous session, which we are not sure how to act upon. What is the correct sequence of call to keep the session going for longer duration.


1 Reply
  • Just verified that the Oauth token and Session/IM token are not related and you don't have to create a new session when oauth tokens are refreshed. Just keep alive will work. It was just that there was a bug in the keep alive code which was causing the 400 error.


Recent Posts

in Messenger IM SDK