Token expired — what it means
4 token scenarios: Wevion session JWT, platform OAuth (Meta/Google/TikTok), Stripe/Drive integration tokens, Telegram link. Each has its own re-auth flow.
Written By Salvatore Sinigaglia
Last updated About 5 hours ago
4 token scenarios: Wevion session JWT, platform OAuth (Meta/Google/TikTok), Stripe/Drive integration tokens, Telegram link. Each has its own re-auth flow.
Token expired — what it means
"Token expired" can mean 4 different things in Wevion. Identify which token, then follow the matching re-auth flow. The
TOKEN_EXPIRINGnotification (PRD-21) tells you which type when it fires. Don't ignore expiring tokens — once fully expired, the integration stops syncing / publishing until you re-authorize.
Who is this for
Anyone who got a "token expired" error OR received a TOKEN_EXPIRING notification.
The 4 token types
Type 1: Wevion session JWT
What: a JWT proving you're logged in to Wevion, with a 1-hour expiry (expirationTime: '1h'). It's auto-refreshed hourly via /api/v1/auth/token (the session itself lasts 7 days, refreshed if older than 24h).
Why it might "expire":
- Browser was offline for a long time
- Network glitched during refresh
- You logged out from another tab
- Session deliberately invalidated by admin (e.g. forced logout)
Fix:
- Refresh the page → triggers re-auth
- If that fails: re-login (email + password)
- For impersonation tokens: re-login as the original admin
This is the most common "token expired" you'll see. Usually resolves instantly with a page refresh.
Type 2: Ad platform OAuth token
What: long-lived OAuth token authorizing Wevion to call Meta / Google / TikTok / Taboola / Snapchat / Outbrain ad APIs on your behalf. Wevion stores access token + refresh token; refresh happens automatically when access token expires.
Why it might fully expire:
- Refresh token revoked (you removed Wevion from your platform's connected apps)
- Account-level permission change (you removed yourself from the ad account)
- Platform-enforced expiry (annual re-auth required by some providers)
- Account compromise → tokens auto-rotated
Notification: TOKEN_EXPIRING (see PRD-21 ntf-103). Fires when token is days/hours from full expiry.
Fix: re-authorize via /connect/{platform}:
- Meta:
/connect/meta— see meta-101 connect Meta account - Google:
/connect/google-ads— see gog-101 connect Google - TikTok:
/connect/tiktok— see ttk-101 - Taboola:
/connect/taboola— see tbl-101 - Snapchat:
/connect/snapchat - Outbrain:
/connect/outbrain
The re-auth flow opens the platform's OAuth consent screen. Grant permissions again → Wevion gets fresh tokens.
Type 3: Stripe / Drive integration tokens
What: tokens for non-ad integrations.
These typically require admin / owner role.
Type 4: Telegram bot link token
What: one-time token for linking your Telegram to Wevion.
Why it might expire: by design — link tokens are one-time, with a 24h TTL.
Fix: trigger a new link from Wevion UI (/settings → Notifications → Connect Telegram) — see ntf-104 Telegram connect.
This is NOT a recurring token. Once linked, the link persists until you unlink. Subsequent notifications use the bot infrastructure, not the link token.
Identifying which token
From the notification
TOKEN_EXPIRING notification body includes the platform / integration name. Read it carefully.
From the error message
From the cluster
If you're working in Ads Manager / Analytics / Campaign Creator when error appears → likely platform OAuth (type 2). If in /chat → likely Wevion session JWT (type 1). If in /settings/integrations → likely third-party integration (type 3).
Why tokens expire
Tokens have expiry as a security feature:
- Limits damage if a token is stolen
- Forces periodic re-authorization (user confirms continued access)
- Enables revocation (platform can invalidate without notifying Wevion)
Wevion's auto-refresh handles most expiry transparently. Manual re-auth is needed only when refresh fails (revoked, permission change, account issue).
Don't ignore TOKEN_EXPIRING notifications
When you get the notification:
- Re-authorize within the warning window (typically 7-14 days)
- After full expiry: data syncs stop, publishing fails, rules can't act on affected platform
- Recovery still possible via re-auth flow, but you lose the data that didn't sync during the gap
Some Wevion deployments auto-pause rules pointing to expired-token accounts to prevent action failures (auto_paused_at set on automation_rule table).
Multi-account scenarios
If you have multiple ad accounts (e.g. agency with 20 Meta accounts):
- Token expiry is per-account
- Re-auth per-account via
/connect/metamay need to be repeated for each - Some platforms allow batch re-auth via single OAuth grant
Verify each account's status in Wevion UI after re-auth.
Common questions
Why did my token expire when I haven't logged out?
Refresh failure (platform-side issue, network, permission change). Common after platform updates.
Can I extend token lifetime?
No — provider-controlled. Wevion automatically uses the longest-lived token type each provider offers.
Will I lose data if I don't re-auth promptly?
Sync data from period after expiry until re-auth is lost (provider doesn't backfill).
Do tokens differ between trial + paid?
No — same OAuth tokens. Lifetime determined by provider, not your subscription.
Common issues
- Re-auth completes but error persists: cache issue — refresh Wevion page; if still: check ad account permission (you may have been removed)
- Multiple expired tokens at once: platform-wide event (e.g. Meta forced re-auth). Re-auth each.
- Auto-refresh seems to fail repeatedly: provider may have rate-limited Wevion; wait + retry
- Notification for token expiring but I just re-authed: notification lag (sent before re-auth completed); check current status