OAUTH_TOKEN_REFRESH_FAILED
What this means
Glean tried to refresh a teammate's OAuth credentials, but the source system rejected the request. The action can't proceed until the teammate re-authenticates.
Common causes
- The refresh token expired because of the source system's token lifetime policy.
- The teammate or an admin revoked the Glean connected app in the source system (for example, removing the app from Salesforce Connected Apps or Atlassian Authorized Apps).
- The custom OAuth app's client secret was rotated in the source system but not updated in the Glean Admin Console.
- The custom OAuth app's refresh token lifetime is too short for the usage pattern.
What to do as a teammate
- Re-run the agent or action that triggered the error.
- When prompted, click Connect to re-authenticate with the source system.
What to do as an admin
- In Admin Console → Platform → Actions, open the action pack and confirm the authentication method (Central or Custom).
- If the action pack uses a Custom OAuth app:
- Verify the app still exists in the source system and hasn't been deleted or deactivated.
- Confirm the client secret in the Admin Console matches the current secret in the source system.
- Confirm the callback URL in the source system matches the one shown in the Admin Console.
- Review the refresh token lifetime policy in the source system. If it's set to a short duration, consider extending it. For example, Databricks recommends refresh token lifetimes of approximately three months for custom OAuth apps.
- If the action pack uses the Central app, the issue is likely a source-system policy change or a temporary service disruption. Have the affected teammate re-authenticate. If the problem persists across multiple teammates, contact Glean Support.
For more guidance, see Troubleshooting actions authentication.
For additional assistance, contact Glean Support at https://support.glean.com.