SoundCloud OAuth: Refresh token keeps failing / users become invalid #496
Description
I’m running into issues with refreshing SoundCloud users/tokens in my platform. After a relatively short period (a few days), users keep getting marked as false (invalid), even though I’m trying to strictly follow SoundCloud’s recommended token refresh flow.
According to the SoundCloud docs:
Access tokens expire after ~1 hour and need to be refreshed periodically using the refresh_token.
Each refresh_token can only be used once.
All clients are currently treated as confidential, meaning a client_secret is required.
Example from the docs:
curl -X POST "https://secure.soundcloud.com/oauth/token"
-H "accept: application/json; charset=utf-8"
-H "Content-Type: application/x-www-form-urlencoded"
--data-urlencode "grant_type=refresh_token"
--data-urlencode "client_id=YOUR_CLIENT_ID"
--data-urlencode "client_secret=YOUR_CLIENT_SECRET"
--data-urlencode "refresh_token=YOUR_TOKEN"
Despite this, I consistently end up with refresh errors, and at some point the user/token state flips to false. I suspect I’m missing something in the refresh logic or overall flow (e.g. token rotation, timing, or persistence of the new refresh token), but I can’t pinpoint it anymore.
Has anyone implemented a reliable SoundCloud token refresh flow and can help clarify the correct approach or common pitfalls? Any guidance would be hugely appreciated, I’m a bit stuck at this point.
Thanks in advance!