What does this mean?
For most of our per-user integrations with connectors like Facebook, Instagram, LinkedIn, YouTube, Vimeo, etc., maintaining a continuous connection requires our users to periodically reauthenticate. These integrations use secure access tokens, which are temporary authorizations that allow MirrorWeb to access the platform on behalf of the user. However, these tokens are designed to expire after a set period, often one year from the initial connection. This is especially true for LinkedIn, where tokens expire exactly one year from the date of activation.
Once a token expires, the connection between the platform and our service is broken until the user reauthenticates. This process involves sending the user a new activation email that prompts them to reauthorize the connection, thus renewing their token for another year. Without this renewal, our access to their platform data is paused.
Why do connection tokens expire?
Connection tokens expire primarily for security and data protection purposes and are enforced by the per-user platforms we integrate with. These platforms require that tokens expire periodically to ensure that access to user data is not indefinite and remains controlled, secure, and user-authorized. By setting expiration timelines, platforms can actively minimize risks associated with unauthorized access or data breaches. If a token were to be compromised, it would only be usable for a limited period, effectively reducing the risk window and protecting user data from prolonged exposure.
For instance, LinkedIn tokens expire one year after activation. This expiration mechanism requires users to reauthenticate, meaning they must verify and actively allow us to reconnect and access their data again. By enforcing token expiration, the platforms maintain user trust and adhere to security best practices. This approach protects users while enabling us to continue providing seamless access to their data.
How to reauthenticate an expired token?
We’ve developed a notification feature to remind users when their connection is nearing expiration. This feature is being rolled out first for LinkedIn users, as their tokens are among the earliest to reach expiration. The process ensures that users have ample opportunity to reauthenticate before the token expires, keeping their connections secure and uninterrupted.
Here’s how the reauthentication notification process works in detail:
1. Two weeks before expiration: Users will receive an initial notification email when their connection is two weeks away from expiring. This email will include a straightforward link to reauthenticate, allowing them to renew their token with minimal effort.
2. Follow-up reminders: If a user does not take action on the initial notification, they’ll receive follow-up reminder emails every two days. Each reminder will include a clear call to action, making it easy for users to reauthenticate with just a few clicks. These reminders continue up until the expiration date to ensure that users are consistently aware of the approaching deadline.
3. Final notification if the token expires: If the user still hasn’t reauthenticated by the expiration date, a final email will notify them that their connection has expired.