I’m developing a Slack app where I’ve implemented token rotation using the slack-go/slack library in Go. Specifically, I’m using the RefreshOAuthV2Token method to refresh access tokens. However, I’ve encountered an issue where the refresh token also expires along with the access token, causing issues with token rotation.

Here’s a brief overview of my implementation:

I’m using the RefreshOAuthV2Token method to refresh the access token.
I’ve noticed that sometimes, the refresh token also expires simultaneously with the access token, leading to authentication failures.
I’ve checked Slack’s documentation, but I couldn’t find any explicit information about refresh token expiration being tied to access token expiration.

Has anyone else encountered this issue? Is there a way to ensure that the refresh token remains valid even if the access token expires?

Any insights or suggestions would be greatly appreciated. Thank you!

What I tried
I implemented token rotation in my Slack app using the slack-go/slack library in Go. Specifically, I used the RefreshOAuthV2Token method to refresh access tokens.

What I expected
I expected that when an access token was close to expiration, my application would successfully refresh it using the provided refresh token. This would ensure continuous access to Slack’s API without interruption.

What actually resulted
However, during testing, I observed instances where both the access token and the refresh token expired simultaneously. This led to authentication failures and disrupted the functionality of my Slack app. This behavior was unexpected, as I assumed that the refresh token would remain valid even if the access token expired.

Additional discovery
While troubleshooting this issue, I came across the mention of a “token exchange” API in the Slack documentation (link). However, the documentation did not provide detailed information about what this API does or how it might help in resolving my token expiration issue.

Attempts to resolve the issue
I reviewed Slack’s documentation to ensure I correctly understood the token expiration behavior and how token rotation should be implemented.
I thoroughly checked my implementation of token rotation using the slack-go/slack library to ensure there were no errors or oversights.