In OAuth, how to reset the refresh_token in Freshdesk after it becomes INACTIVE at the source?


We are building an app which uses OAuth2 to authorize the user’s/agent’s account. For authorization we use keycloak. With right JWT access_token agent should be able to fetch data from our REST API.

When we publish application and install it on our account everything works seamlessly. We successfully login as agent, perform requests to our API. When token expires while using the app - freshdesk sends refresh_token to get new access_token and that case works perfectly!

The problem we are facing is that refresh_token can become INACTIVE after 10 hours. That means that refresh_token can’t be used for fetching a new access_token and that process should be initialized from beginning. What we got from our keycloak is {"error":"invalid_grant","error_description":"Token is not active"}. From what we see in our logs is that freshdesk always sends the same refresh_token.

Is there any way to clear credentials (access_token & refresh_token) stored in freshdesk? That would be a quick fix for our problem.

Here is our configuration:


  "client_id": "xxx",
  "client_secret": "xxx",
  "authorize_url": "https://<HOST>/auth/realms/sv-magic-platform/protocol/openid-connect/auth",
  "token_url": "https://<HOST>/auth/realms/sv-magic-platform/protocol/openid-connect/token",
  "token_type": "agent"

FDK logs:

FDK 59073: (proxy.js) Parsed https://<HOST>/api/reservation-service/reservations/XZFMHAXI-5 as {"protocol":"https:","slashes":true,"auth":null,"host":"<HOST>","port":null,"hostname":"<HOST>","hash":null,"search":null,"query":null,"pathname":"/api/reservation-service/reservations/XZFMHAXI-5","path":"/api/reservation-service/reservations/XZFMHAXI-5","href":"https://<HOST>/api/reservation-service/reservations/XZFMHAXI-5"}
FDK 59073: (proxy.js) Making proxy call with options as {"headers":{"Authorization":"Bearer <TOKEN>","Content-Type":"application/json"},"isOAuth":true,"url":"https://<HOST>/api/reservation-service/reservations/XZFMHAXI-5","method":"get","maxAttempts":1,"retryDelay":0,"timeout":5000}
FDK 59073: (proxy.js) Proxy came back with error as null, body as ""
FDK 59073: (proxy.js) Looking for "null" in application/json,application/xml,text/html,text/xml,application/jsonp,text/plain,application/javascript,application/vnd.api+json
FDK 59073: (oauth.js) Refreshing oauth tokens
FDK 59073: (oauth.js) Refreshed OAuth.

And what I saw in source code of FDK fdk/lib/routes/oauth2.js, in function refreshInit, is that if we have refresh_token in request, and if refresh process fails, than error is returned but credentials are never invalidated.