The authorization token is not renewed every few days

There’s a strange situation: after authorization, a day or two passes and the token renewal ends with an error.

On the 16th, the token was received without any problems.

2025-09-16 20:49:11.333 [INFO] [Sync][36]: The trakt access token has now expired as of 15.09.2025 19:37:41, requesting refresh token
2025-09-16 20:49:11.343 [DEBG] [Sync][36]: Address: https://api.trakt.tv/oauth/token, Post: {"client_id":"client-id","client_secret":"secret","grant_type":"refresh_token","redirect_uri":"urn:ietf:wg:oauth:2.0:oob","refresh_token":"token"}
2025-09-16 20:49:11.810 [DEBG] [Sync][36]: Response: {"access_token":"token","token_type":"Bearer","expires_in":86399,"refresh_token":"token","scope":"public","created_at":1758044955}, Headers: {Transfer-Encoding: chunked, Connection: keep-alive, CF-RAY: 9802330daae4ef1a-WAW, x-xss-protection: 0, x-content-type-options: nosniff, x-download-options: noopen, x-permitted-cross-domain-policies: none, referrer-policy: strict-origin-when-cross-origin, content-security-policy: frame-ancestors 'self' https://trakt.tv https://*.trakt.tv http://localhost:* https://localhost:*;, pragma: no-cache, vary: Accept-Encoding, x-ratelimit: {"name":"AUTHED_API_POST_LIMIT","period":1,"limit":1,"remaining":0,"until":"2025-09-16T17:49:16Z"}, x-request-id: 429051fb-8b7b-437f-b0f2-06b3d849b208, x-runtime: 0.025655, cf-cache-status: DYNAMIC, alt-svc: h3=":443"; ma=86400, Cache-Control: no-store, Content-Type: application/json; charset=utf-8, Date: Tue, 16 Sep 2025 17:49:15 GMT, ETag: W/"cd4fae994217edd8265c240b1b368e77", Set-Cookie: _traktsession=session; path=/; HttpOnly; SameSite=Lax, Server: cloudflare}
2025-09-16 20:49:11.830 [DEBG] [Sync][36]: Address: https://api.trakt.tv/users/settings
2025-09-16 20:49:12.385 [DEBG] [Sync][36]: Response: {"user":{"username":"ajs","private":true,"deleted":false,"name":"Andrew J.Swan","vip":false,"vip_ep":false,"director":false,"ids":{"slug":"ajs","uuid":"6a535fb08d5ef71067961a436ee0598eeaf294aa"},"joined_at":"2011-07-08T20:54:45.000Z","location":"Kiev","about":"-|-","gender":"male","age":50,"images":{"avatar":{"full":"https://walter-r2.trakt.tv/images/users/000/013/623/avatars/large/c47a2ea690.jpg"}},"vip_og":false,"vip_years":0,"vip_cover_image":null},"account":{"timezone":"Europe/Kiev","date_format":"dmy","time_24hr":true,"cover_image":null,"token":null,"display_ads":true},"connections":{"facebook":false,"twitter":true,"mastodon":false,"google":true,"tumblr":false,"medium":false,"slack":false,"apple":false,"dropbox":false,"microsoft":false},"sharing_text":{"watching":"I'm watching [item]","watched":"I just watched [item]","rated":null},"limits":{"list":{"count":10,"item_count":100},"watchlist":{"item_count":100},"favorites":{"item_count":100},"search":{"recent_count":5},"collection":{"item_count":100},"notes":{"item_count":100},"recommendations":{"item_count":100}},"permissions":{"commenting":true,"liking":true,"following":true}}, Headers: {Transfer-Encoding: chunked, Connection: keep-alive, CF-RAY: 9802330f6f29ef1a-WAW, x-frame-options: SAMEORIGIN, x-xss-protection: 0, x-content-type-options: nosniff, x-download-options: noopen, x-permitted-cross-domain-policies: none, referrer-policy: strict-origin-when-cross-origin, vary: Accept-Encoding, x-ratelimit: {"name":"AUTHED_API_GET_LIMIT","period":300,"limit":1000,"remaining":999,"until":"2025-09-16T17:50:00Z"}, x-request-id: d9c84f6a-61ca-4784-b93e-110566415df4, x-runtime: 0.368244, cf-cache-status: DYNAMIC, speculation-rules: "/cdn-cgi/speculation", alt-svc: h3=":443"; ma=86400, Cache-Control: max-age=0, private, must-revalidate, Content-Type: application/json; charset=utf-8, Date: Tue, 16 Sep 2025 17:49:16 GMT, ETag: W/"etag", Server: cloudflare}
2025-09-16 20:49:12.387 [INFO] [Sync][36]: User ajs successfully signed in and retrieved online settings from trakt.tv

And on the 17th we already found an error, and this happens every couple of days.

2025-09-17 21:01:09.612 [INFO] [PlaySync][44]: The trakt access token has now expired as of 15.09.2025 19:37:41, requesting refresh token
2025-09-17 21:01:09.621 [DEBG] [PlaySync][44]: Address: https://api.trakt.tv/oauth/token, Post: {"client_id":"private","client_secret":"private","grant_type":"refresh_token","redirect_uri":"urn:ietf:wg:oauth:2.0:oob","refresh_token":"token"}
2025-09-17 21:01:10.184 [ERR ] [PlaySync][44]: Protocol Error, Code = '400', Description = 'Bad Request', Url = 'https://api.trakt.tv/oauth/token', Headers = 'Transfer-Encoding: chunked, Connection: keep-alive, CF-RAY: id-WAW, x-xss-protection: 0, x-content-type-options: nosniff, x-download-options: noopen, x-permitted-cross-domain-policies: none, referrer-policy: strict-origin-when-cross-origin, content-security-policy: frame-ancestors 'self' https://trakt.tv https://*.trakt.tv http://localhost:* https://localhost:*;, vary: Accept-Encoding, x-ratelimit: {"name":"AUTHED_API_POST_LIMIT","period":1,"limit":1,"remaining":0,"until":"2025-09-17T18:01:15Z"}, x-request-id: request-id, x-runtime: 0.005531, cf-cache-status: DYNAMIC, alt-svc: h3=":443"; ma=86400, Cache-Control: no-store, Content-Type: application/json; charset=utf-8, Date: Wed, 17 Sep 2025 18:01:15 GMT, Set-Cookie: _traktsession=session-id; path=/; HttpOnly; SameSite=Lax, Server: cloudflare, WWW-Authenticate: Bearer realm="Trakt", error="invalid_grant", error_description="The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."'
2025-09-17 21:01:10.210 [ERR ] [PlaySync][44]: Failed to refresh access token from trakt.tv, you must go to settings and re-authorise application, Code = '400', Reason = 'Bad Request'


2025-09-16 20:49:12.387 - Refresh Ok
...
2025-09-17 21:01:09.612 - Refresh failed

Judging by the time, it looks like more than 24 hours have passed, but as I understand it, the Token should have been updated anyway?


Seems like the token you are trying to refresh is invalid.

Things to check:

  • make sure the refresh token is updated/stored and rolled over (don’t post them here, but check your logs to see if the second call to refresh uses the refresh token you received from the first refresh call). If you use a refresh token you already used, it is seen as a replay attack.
  • also, if someone or something tries to make a request with an old token (that has been refreshed in the meantime), the system may invalidate the whole token chain. Again, this is to prevent malicious actors from using an old token or replaying requests they may find. So make sure when you get a new token not to use the old one anymore, because the system can’t tell the difference between you and an attacker.
  • I don’t think it’s a redirection URI or grant type problem, since it worked one day before, but you can also check that.

Hope this helps!
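
The rotation rule from the checklist above, as an added example that is not part of the original reply or of any client's code: every component reads the token pair from one shared store, refreshes under a lock, and persists the new refresh token before using it. `FakeAuthServer` and `TokenStore` are hypothetical names, and the server is a constructed stand-in that models reuse detection as the reply describes it, not Trakt's actual implementation.

```python
import json, os, secrets, tempfile, threading, time

class FakeAuthServer:
    """Constructed stand-in for an OAuth server with rotating refresh tokens."""
    def __init__(self):
        self.current = secrets.token_hex(8)   # the only valid refresh token
        self.used = set()                     # refresh tokens already redeemed
        self.revoked = False

    def refresh(self, refresh_token):
        if self.revoked or refresh_token != self.current:
            if refresh_token in self.used:    # replay of a rotated token
                self.revoked = True           # invalidate the whole chain
            raise PermissionError("invalid_grant")
        self.used.add(refresh_token)
        self.current = secrets.token_hex(8)
        return {"access_token": secrets.token_hex(8),
                "refresh_token": self.current,
                "expires_in": 86399, "created_at": int(time.time())}

class TokenStore:
    """Single source of truth for the token pair, shared by all components."""
    def __init__(self, path, server):
        self.path, self.server, self.lock = path, server, threading.Lock()

    def load(self):
        with open(self.path) as f:
            return json.load(f)

    def _save(self, tok):
        # Write a temp file and rename it, so a crash never leaves a torn file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(tok, f)
        os.replace(tmp, self.path)

    def access_token(self, now=None):
        now = time.time() if now is None else now
        with self.lock:                       # only one refresh in flight
            tok = self.load()                 # re-read: another thread may have rotated
            if now < tok["created_at"] + tok["expires_in"] - 60:
                return tok["access_token"]
            new = self.server.refresh(tok["refresh_token"])
            self._save(new)                   # persist before anyone uses it
            return new["access_token"]
```

A component that keeps its own in-memory copy of the pair bypasses this store and will eventually present a rotated refresh token. The lock here covers threads in one process only; separate processes would need a file lock as well.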

What I do not get about this update around March time is that they lose out on data, on watching habits. Personally, if they anonymise the data, I would be happy for them to sell the habits, if that would help their business model. Therefore at the point they probably want to make the tokens unlimited.

I have one client, and this happens every 2-3 days. After re-authorization on the 17th, yesterday Trakt requested authorization again. So everything’s fine for 2-3 days, then it goes bad?

I’ll try checking it again, but so far I don’t see anything that could be interfering. Even though the token was valid for 90 days, it worked for years.
