Hello,
I’ve been developing a Patreon integration for my website on localhost for quite some time, and let’s say it worked fine. I have Creator Access Token hardcoded.
Now I am testing everything on my webserver, and it seems that CAT is refreshed at least every few hours. I tried to create a new client, but it didn’t help. Am I doing something wrong? Is it possible to get CAT from API using patreon-php with CID and Secret?
Patreon’s API is so retarded that it drives me nuts…
You shouldnt hardcode the token in a way that is not possible to update it. The token may get refreshed. It definitely shouldnt be a few hours - there may be something in your app or a library which you are using that causes the refresh maybe.
Of course, it is easy to change in the code, but just pain. I’m automating everyting that can be automated; this script is executed by cron, so I would have to check all the time if my CAT hasn’t changed so that it runs properly.
As I said previously, I am using https://github.com/Patreon/patreon-php so I don’t think it causes the refreshing.
No such frequent refreshing issue with the PHP lib was reported. PHP lib does not automate getting and refreshing tokens anyway - the token must have been already acquired.
WordPress plugin has internal logic which allows creation of apps, and checking and refreshing expiring tokens automatically. Both for creator access token and user’s app tokens. You can check its logic to get ideas about how to implement such automation.
For now it seems that it hasn’t refreshed since yesterday evening. If the weird behavior comes back though, I will have a look into that wordpress plugin. Thanks.
Just some sharing from my own debugging of patreon-php.
Access and refresh tokens are updated every time you make the refresh_token function call with the creator’s access token.
If it updates so frequently for you, then it maybe triggered every time by some logic flow from your users.
I knew it happened for me so I made amendments to my user flow.
I realise this is rather old but I just ran into the same issue but also found what causes it.
What I did was implementing a “Login with Patreon” button and every time I would use this login with my own creator account, the creator’s access token and refresh token would change. 
There are no refresh_token calls anywhere in my code at this point. It would simply be triggered upon login (i.e. the only endpoints called are /oauth2/authorize?response_type=code and /oauth2/token?grant_type=authorization_code).