token_expired
Token lifecycle — expired access, refresh, and ID tokens
HTTP status: N/A (SDK auth) / 401 (API)
Category: Token lifecycle
What this error means
An access token, refresh token, or ID token has expired and can no longer be used. In Customer API responses this may appear as token_inactive (401). In framework SDKs (@wocha/nextjs, @wocha/react) it appears as id_token_expired or token_refresh_failed during session handling.
Common causes
- OAuth access token past its
expclaim - Refresh token expired or revoked after logout or rotation
- ID token expired during callback validation
- Long-lived session without refresh (browser tab idle for hours)
- Clock skew between client and issuer (rare)
How to fix it
- Customer API: Refresh the OAuth access token or create a new management API key.
- Next.js / SvelteKit / Nuxt BFF: Ensure the refresh route is wired; the SDK refreshes automatically when configured.
- React / Vue SPA: Call your refresh endpoint or redirect the user to sign in again.
- ID token validation: Verify system clock; check token
expin JWT debugger. - Do not cache tokens beyond their lifetime; store refresh tokens securely server-side only.