Could Someone Give me Advice Integrating OAuth for a Custom Web Application Using Pathfix?

Hello there,

I am working on a custom web application where we need to implement OAuth for third-party integrations. We are using Pathfix to handle the OAuth process, but I have hit a few roadblocks and would appreciate some guidance from those with more experience using the platform.

I am trying to integrate OAuth for Google and Microsoft services.
The Pathfix SDK is installed, and I have followed the basic setup outlined in the documentation.
OAuth authentication is working in some cases, but I am facing issues with token expiration and refresh.
I have configured the redirect URIs and necessary credentials in the Google and Microsoft developer consoles.

After a successful authentication, the access tokens are expiring sooner than expected.
I am struggling to implement the token refresh mechanism properly through Pathfix. Even after following the steps in the docs, I am getting error messages related to invalid token requests.

Also, I have gone through this post, https://pathfix.com/tutorials/building-integrations-to-typeforms-oauth-apis-and-endpoints-minitab/, which definitely helped me out a lot.

Sometimes I notice inconsistent behavior between different browsers, particularly Safari. Has anyone else experienced this, and if so, what is the best way to handle it? :thinking:

Thanks in advance for your help and assistance. :innocent:

Hi there! It sounds like you’re making great progress with your custom web application, but I understand how frustrating these issues can be. Let’s tackle them one by one.

Token Expiration and Refresh Issues

It’s great that you’ve already configured the redirect URIs and credentials. Here are a few additional steps to ensure the token refresh mechanism works smoothly:

  1. Verify Token Handling: Ensure that your application correctly handles the refresh_token parameter. When the access token expires, your application should send a POST request to the token endpoint with grant_type=refresh_token and the refresh token.
  2. Check Token Lifespan: Confirm the lifespan of both access and refresh tokens provided by Google and Microsoft. Sometimes, tokens may expire sooner than expected due to specific policies.
  3. Error Handling: Implement robust error handling to catch and respond to token-related errors, such as invalid_token. This will help you identify and address issues more effectively.
  4. Secure Storage: Store tokens securely and ensure they are accessible only by your application. This can prevent unauthorized access and potential token misuse.
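
The refresh steps listed above, as an added example that is not part of the original thread and does not use the Pathfix SDK: it builds the standard OAuth 2.0 refresh request (RFC 6749, section 6) and turns the token endpoint's reply into the next stored token set. The `cfg` fields, the token object shape and the function names are assumptions made for illustration.

```javascript
// Added example: refresh handling per RFC 6749 section 6, kept transport-agnostic.
// cfg fields and the token object shape are assumptions, not Pathfix SDK names.
// Run this server side: it handles client_secret and the refresh token.
const SKEW_MS = 60_000; // refresh one minute before the stated expiry

class ReauthRequired extends Error {}

// True when the access token is expired or about to expire.
function needsRefresh(tokens, now = Date.now()) {
  return now >= tokens.expiresAt - SKEW_MS;
}

// Build the POST described in step 1 (form-encoded, not JSON).
function buildRefreshRequest(cfg, tokens) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: tokens.refreshToken,
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
  });
  return {
    url: cfg.tokenEndpoint,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Turn the token endpoint's reply into the next stored token set, or throw.
function applyTokenResponse(tokens, status, json, now = Date.now()) {
  if (status !== 200) {
    const code = json && json.error;
    // invalid_grant: the refresh token is expired, revoked or already used.
    // Retrying cannot succeed; send the user through consent again.
    if (code === "invalid_grant") throw new ReauthRequired(code);
    throw new Error(`token endpoint error: ${code || status}`);
  }
  return {
    accessToken: json.access_token,
    // The server may rotate the refresh token; keep the old one only when
    // the response does not carry a new one.
    refreshToken: json.refresh_token || tokens.refreshToken,
    // Trust expires_in from the response rather than a hard-coded lifetime.
    expiresAt: now + json.expires_in * 1000,
  };
}
```

Send the object from `buildRefreshRequest` with whatever HTTP client the backend uses, then pass the status and parsed JSON body to `applyTokenResponse` and persist the result.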