To reduce performance issues, we now prevent client apps from sending simultaneous token requests with the same refresh token when using the OAuth 2.0 refresh token flow. Previously, identical token requests sent at the same time didn’t fail, but they did lead to system issues across Salesforce. To avoid disruptions, update integrations that use the refresh token flow to stop sending simultaneous, identical requests to the token endpoint. Improve the efficiency of your integrations by reusing access tokens instead of continually requesting new ones.
Where: This change applies to Lightning Experience and Salesforce Classic in all editions.
How: When using the refresh token flow, Salesforce processes one token request at a time. If your client sends another request while one is being processed, the Status column in the Login History displays Failed: Token request is already being processed.
To prevent the refresh token flow from failing intermittently, update your integrations.
- Avoid or reduce simultaneous calls to the token endpoint with the same refresh token. Instead, after your client obtains an access token from the refresh token flow, cache the token and reuse it.
- If you continue to make simultaneous, identical requests, which isn’t recommended, develop a way to retry the requests when this error occurs.