Access Token expire

What is the access token expiry duration in ERPNext? When I request a new access token, it says it is one hour (3600 seconds), but if the token exists for more than 1 minute, even the refresh token is expiring. Why? Does somebody have a solution for this?

What I did is: in the first authorization, the auth_code, refresh_token and access_token are stored in the database. And when the access token expires, I take the refresh token from the database and request a new access token.

But in my case, if I request the new access token after one minute, then the API returns nothing. Why?

I am not at all informed on this topic.

But the code and comments may help to explain the behaviour to frame discussion -


The code refers to the IETF document for RFC6749 for eg

Bearer Token is not deleted unless revoked.

Access token/Refresh Token pair won’t be deleted unless it is explicitly revoked / deleted by system manager.

Access token will expire within an hour. Refresh token never expires

As long as the Bearer token is in the database, the refresh token is available to get a new access token.


Screenshot steps just tried before posting, refresh token working. Is Frappe Server URL set? Is there a problem with server time/timezone?

Step 1 Oauth Client must exist in Database

Step 2 Prepare Postman

Step 3 Request Token, sign in and allow access to resource

Step 4 Get Bearer Token

Step 5 Refresh Access Token

1 Like
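The refresh flow described in the post above, sketched as an added example that is not part of the original thread or of Frappe's own code. It stores the expiry as an absolute epoch time (so the client's timezone setting does not matter) and builds the RFC 6749 section 6 refresh request without sending it. Assumptions: the token endpoint path `/api/method/frappe.integrations.oauth2.get_token`, the host `erp.example.com`, the client id, the 60-second margin, and all token values are constructed.

```python
import time
import urllib.parse
import urllib.request

# Assumption: token endpoint path on the Frappe server.
TOKEN_PATH = "/api/method/frappe.integrations.oauth2.get_token"
SKEW_SECONDS = 60  # refresh early to tolerate clock drift between client and server

# Constructed sample of a token response (values are not real tokens).
SAMPLE_RESPONSE = {"access_token": "constructed-access-1",
                   "refresh_token": "constructed-refresh-1",
                   "expires_in": 3600, "token_type": "Bearer"}


def store_token(response, now=None):
    """Turn a token response into a record with an absolute (epoch) expiry."""
    now = time.time() if now is None else now
    return {"access_token": response["access_token"],
            "refresh_token": response["refresh_token"],
            "expires_at": now + int(response["expires_in"])}


def needs_refresh(record, now=None):
    """True once the access token is within SKEW_SECONDS of its expiry."""
    now = time.time() if now is None else now
    return now >= record["expires_at"] - SKEW_SECONDS


def build_refresh_request(base_url, client_id, record):
    """Form-encoded POST with grant_type=refresh_token (built, not sent)."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": record["refresh_token"],
        "client_id": client_id,  # assumption: the server expects the client id
    }).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def apply_refresh(record, response, now=None):
    """Replace the stored pair; keep the old refresh token if none is returned."""
    merged = dict(response)
    merged.setdefault("refresh_token", record["refresh_token"])
    return store_token(merged, now)
```

Pass the request to `urllib.request.urlopen()` to send it, then hand the decoded JSON body to `apply_refresh()` and write the result back to the database in one step, so the stored pair never goes stale.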

Hi revant_one,

I want to set up OAuth for an Android app to access the API and I’ve followed your steps but can’t get it to work.
Here’s what I did:
my server ip: eg:

OAuth Provider Setting:
Skip Authorization: Auto

OAuth Client
Skip Authorization: Checked
Scopes: all openid
Redirect URIs:
Default Redirect URI:
Grant Type: Authorization Code
Response Type: Code

Social Login Keys:
Frappe Client ID: (blank)
Frappe Client Secret: (blank)
Frappe Server URL:
error: Unable to make request to the Frappe Server URL

I’m really not sure what to put in Redirect URIs, Default Redirect URI, Frappe Server URL. is the OAuth Provider Server. Assume this is like

You’ve to register your client here on Provider Server. This is just client registration.

Actual client is the Android app / web app / third party app. So the redirect URI while “registration” is always the one your app is hosted on. In case of Android, something your app can catch, for example oauth://authenticator

In case of Android there is already an account authenticator library available: GitHub - mntechnique/OAuth2Authenticator. That adds an Android’s AccountManager > Account

For the social login keys error: Social login key has been refactored. It is available on frappe/develop branch you can test that.

Or for now use frappe.db.get_value() workaround Custom apps for cloud users [extend ERPNext with microservices] - #3 by revant_one

I’ll suggest checking out GitHub - frappe/frappekt. Zarrar and I are working on it. It is a library to build Frappe apps on native Android. You can help? We can build apps faster then!!

Library is being used for


Thanks revant_one.

I got it working (on Postman) by adding another website URL (which is not related to Frappe or OAuth2) to Frappe Server URL.

My Android knowledge is not very good (beginner) and Kotlin is new to me, but I will check your repo to see if I can help.

Awesome, Awesome, Awesome!!! :smiley:

I’m getting this error while following these steps

Error:
{"code":404,"message":"No route found for "GET /api/method/frappe.integrations.oauth2.approve""}

getting this after the 3rd step

Please help me?

Which server are you trying to access?

{"code":404,"message":"No route found for "GET /api/method/frappe.integrations.oauth2.approve""}

I think you’re trying to access some app with frappe server’s http query parameters.

This endpoint exists on frappe side,
app side needs GET endpoint to receive the Authorization code for further action.