# OAuth2 error: refresh_token_expired

- **ID:** `api/oauth2-refresh-token-expired`
- **Domain:** api
- **Category:** auth_error
- **Verification:** ai_generated
- **Fix Rate:** 85%

## Root Cause

The refresh token has exceeded its expiration time and cannot be used to obtain a new access token.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| OAuth 2.0 | active | — | — |
| RFC 6749 | active | — | — |
| Google OAuth2 API v2 | active | — | — |
| Microsoft Identity Platform v2.0 | active | — | — |

## Workarounds

1. **Redirect the user to the authorization endpoint to obtain a new refresh token via the full OAuth2 authorization code flow.** (95% success)
2. **Implement a token refresh mechanism that checks token expiry and proactively re-authenticates before expiration using the 'offline_access' scope.** (85% success)
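The two workarounds combined into one client-side decision path, as an added example that is not part of the original entry or of any provider's SDK: refresh shortly before expiry, and on a terminal error drop the token and restart the authorization code flow instead of retrying. The endpoint, client ID, redirect URI, 60-second skew, record field names, and the handling of RFC 6749 `invalid_grant` alongside `refresh_token_expired` are assumptions.

```python
import secrets
import time
from urllib.parse import urlencode

# Assumed values for illustration; substitute the provider's real endpoint and client.
AUTHORIZE_URL = "https://idp.example/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://app.example/callback"
SKEW = 60  # act this many seconds before a token's expiry
# Errors treated as "refresh token unusable": RFC 6749 section 5.2
# invalid_grant, plus the code this page documents.
TERMINAL_ERRORS = {"invalid_grant", "refresh_token_expired"}

def next_action(tokens, now=None):
    """Return 'use', 'refresh' or 'reauthorize' for a stored token record."""
    now = time.time() if now is None else now
    if tokens is None:
        return "reauthorize"
    refresh_exp = tokens.get("refresh_expires_at")  # None if the provider does not disclose it
    if refresh_exp is not None and now >= refresh_exp - SKEW:
        return "reauthorize"
    if now >= tokens["access_expires_at"] - SKEW:
        return "refresh"
    return "use"

def handle_refresh_response(status, body, store, user):
    """Apply a token-endpoint reply to the store; never retry a terminal error."""
    if status == 200:
        old = store.get(user, {})
        store[user] = {
            "access_token": body["access_token"],
            "access_expires_at": time.time() + body["expires_in"],
            # The provider may rotate the refresh token; keep the old one otherwise.
            "refresh_token": body.get("refresh_token", old.get("refresh_token")),
            "refresh_expires_at": old.get("refresh_expires_at"),
        }
        return "use"
    if body.get("error") in TERMINAL_ERRORS:
        store.pop(user, None)  # drop the dead token so it is not replayed
        return "reauthorize"
    return "retry_later"  # anything else (5xx, rate limiting) is treated as transient

def authorization_url(scopes=("openid", "offline_access")):
    """Build the redirect for the full authorization code flow, with a CSRF state value."""
    state = secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": " ".join(scopes),
                       "state": state})
    return f"{AUTHORIZE_URL}?{query}", state
```

Store the returned `state` in the user's session and compare it when the callback arrives.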

## Dead Ends

- The token is permanently expired; retrying only consumes rate limit. (90% fail)
- Token signatures are verified by the server; any tampering invalidates it. (100% fail)
