We are currently adapting our product to be able to use the Refinitiv Real-Time - Optimized.
We have the rrt_optimized.pdf and thanks to it we manage to do some stuff.
However, we have several questions about it :
- Refresh_token : is it submitted to expiration (like access_token) ?
We see that there is an expiration for access_token, Is there any expiration for the refresh_token ?
- Refresh_token : is there a renewal of the token (or not ?)
“Before expires_in is reached, the application is required to request a new <access_token> from the Refinitiv Data Platform gateway with
the previously received refresh_token, username, client_id, grant_type, and possibly takeExclusiveSignOn. The Refinitiv
Data Platform gateway responds with a new access_token, expires_in, and refresh_token.”
And in the OAuth 2.0 RFC RFC6749 it is specified that the refresh_token renewal is optional. So basically the Refinitiv Data Platform activates this renewal of the refresh_token, can you confirm ?
- Access_token : invalid token
In the RFC mentioned before we can see the following :
“Refresh tokens are issued to the client by the authorization server and are
used to obtain a new access token when the current access token
becomes invalid or expires
How can we know when an access_token is invalid ? Is there any specific error sent ? In which case can I get invalid token ? Scope change, etc. ?
- We will the refresh access_token proactively (before expiration of the token) to keep the datafeed without any break. Do you see any issue with this approach ?