Card #563 · Salesforce AppExchange
Token expiration and rotation issues in background jobs and embedded apps
Merchants and developers are experiencing disruptive full-page reloads in embedded apps and 401 Unauthorized errors in background jobs due to expired or stale access tokens. The issue often stems from in-memory session caching and race conditions during token rotation, causing scheduled tasks to fail.
Pain score
0.18/ 1.00 · weighted product of four components
Reach0.70distinct authors (log-normalized)
Recency1.00freshness decay, half-life months
Engagement0.38upvotes + comments, normalized
Monetization0.50willingness-to-pay cues in evidence
§ Evidence — 4 verified quotes
the app automatically reloads the whole page and redirects via exit-iframe to /auth to get a new token
offline access token is refreshed but some of the bg jobs are still using expired offline token and finally it ends up having unauthorized request to admin gql api
Any scheduled job after that (e.g., the next day) fail, which speaks to it potentially being an issue with how the vendor is handling rotating tokens.
The refresh inside unauthenticated.admin(shop) only updates the session row in your SessionStorage, but any worker that grabbed a session before the refresh is still holding the old object in memory
Comments are a Pro feature — join the conversation, share what you've shipped, hear what others are building.
Upgrade to Pro