Question

Issue with OAuth Token Expiry Handling: Access Token Expired but No Prompt to Reauthorize

Forum|Forum|24 days ago
November 24, 2025
16 replies
197 views

RakeshTWC
Participating Frequently

We are using OAuth 2.0 with Authorisation Grant in our Moveworks plugin integration. On first authorization, we successfully receive both an access token and a refresh token. However, the access token expires after 24 hours, and when users query the plugin after that, the plugin directly fails instead of prompting the user to re-authorize.

Expected behaviour :

When the access token expires, the plugin should use the refresh token to fetch a new access token silently. If that also fails (e.g., refresh token expired), it should prompt the user to re-authorize.

Current behaviour :

The plugin fails immediately on expired access token without asking users for re-authorization, resulting in poor user experience.

Request:

Could you please advise the best practice or configuration in Moveworks to handle access token expiration and ensure the plugin prompts users for reauthorization when necessary?

Thank you in advance for your help.

Kevin Mok
Community Manager
Forum|Forum|24 days ago
November 24, 2025

Hey @RakeshTWC - This is a known bug and fix is planned to be deployed later this week so the users are always prompted to authorize again!

DIANA.TWC
Inspiring
Forum|Forum|24 days ago
November 24, 2025

Thank you so much @Kevin Mok for the response. How will we know when the fix is in place? Will Moveworks send a notification or make a post the same day?

RakeshTWC
Author
Participating Frequently
Forum|Forum|24 days ago
November 24, 2025

Hey @RakeshTWC - This is a known bug and fix is planned to be deployed later this week so the users are always prompted to authorize again!

Thank you so much @Kevin Mok for the response.

Kevin Mok
Community Manager
Forum|Forum|23 days ago
November 25, 2025

I will update this thread.

RakeshTWC
Author
Participating Frequently
Forum|Forum|18 days ago
December 1, 2025

Hey @Kevin Mok, has the authentication issue been resolved?

Thanks in advance.

Kevin Mok
Community Manager
Forum|Forum|17 days ago
December 1, 2025

Hey @DIANA.TWC @RakeshTWC - Due to some deployment issues last week ,we couldn’t get the fix out on time, but we should be applying today after business hours!

Kevin Mok
Community Manager
Forum|Forum|16 days ago
December 2, 2025

The fix is in now!

RakeshTWC
Author
Participating Frequently
Forum|Forum|15 days ago
December 3, 2025

Hi @Kevin Mok, good morning. I’m still encountering the issue of receiving authorization notifications in case the token expires.

Kevin Mok
Community Manager
Forum|Forum|15 days ago
December 3, 2025

Sorry about that, I contacted our ENG team to investigate.

RakeshTWC
Author
Participating Frequently
Forum|Forum|10 days ago
December 8, 2025

Hi @Kevin Mok , Good Morning.

Is there any update on the issue still facing the same issue.

Thanks in advance

Kevin Mok
Community Manager
Forum|Forum|9 days ago
December 9, 2025

Hey @RakeshTWC - Engineering did some digging into the logs in the backend, and it looks like the issue is happening due to a misconfiguration of your connector. They were able to share the error message and it was:

"Received error: invalid_grant. Description: Unknown or invalid refresh token.. URI: "

Please, make sure your connector is setup correctly, this isn’t an error with the UCA skill.

RakeshTWC
Author
Participating Frequently
Forum|Forum|7 days ago
December 11, 2025

Hi @Kevin Mok

Good Morning, Thank you very much for providing the info.

It’s a 2-step process as outlined by UKG, and we’re not sure what exactly is going wrong on their side. UKG uses a different endpoint for the refresh token, and there isn’t any option or setting available to change that. Their documentation shows this clearly here:

https://developer.ukg.com/hcm/reference/authentication

Kevin Mok
Community Manager
Forum|Forum|7 days ago
December 11, 2025

@RakeshTWC That documentation site does not work. Is there another way you can share it?

ajohanson
Employee
Forum|Forum|7 days ago
December 11, 2025

@Kevin Mok try this? https://developer.ukg.com/talk/docs/authentication-and-security-doc

Kevin Mok
Community Manager
Forum|Forum|7 days ago
December 11, 2025

Thanks that works - based on that doc it says to use the following URL:

https://HOSTNAME/api/authentication/access_token

This is to generate tokens, and the refresh token uses the same URL - I also see a revoke token URL and you need to make sure that it is set in the HTTP connector configuration too

https://HOSTNAME/api/authentication/token/revoke

DIANA.TWC
Inspiring
Forum|Forum|6 days ago
December 12, 2025

Hi @Kevin Mok - we made the change and we’re still receiving the error. Can we please schedule a call between our teams to further troubleshoot this issue? We urgently need to get this unblocked.

Sign up

For current customers who manage their engagement with Moveworks, please login or create your account with the customer button below. For Moveworks Partners, please login or create your account with the partner button below.

Login to your Moveworks Community

For current customers who manage their engagement with Moveworks, please login or create your account with the customer button below. For Moveworks Partners, please login or create your account with the partner button below.

Scanning file for viruses.

This file cannot be downloaded