Refresh Expired Tokens

As of Socialstream v4.1.0, socialstream will now automatically check and refresh expired access tokens when they're retrieved from the database. To do this, socialstream uses the client_id and client_secret values stored in your applications services.php config file.

This may slow down your application depending on any delays in the request to the providers OAuth server.

This feature is enabled by default, to disable this feature, simply remove it from the features array inside your socialstream.php config file:


You may wish to customise the logic behind refreshing an expired token, to do this, you can provide a closure to the Socialstream::refreshesTokensForProviderUsing() method from within the boot method of your applications AppServiceProvider. For example, for GitHub, this would look like the following:

Socialstream::refreshesTokensForProviderUsing('github', function (ConnectedAccount $account) {
    $response = Http::asForm()->post(...);

    return new RefreshedCredentials(
        token: $response['access_token'],
        refreshToken: $response['refresh_token'],
        expiry: now()->addSeconds($response['expires_in']),

Alternatively, you may provide the method with the FQN of a resolver class. This class must extend the base provider class from either Laravel Socialite, or the Socialite Providers package you are using. For example, if you were to use the Reddit provider from socialiteproviders/reddit, you may define a class for refresh Reddit Oauth tokens and use that instead:


namespace App\RefreshTokenProviders;

use GuzzleHttp\RequestOptions;
use JoelButcher\Socialstream\Concerns\RefreshesOauth2Tokens;
use JoelButcher\Socialstream\Contracts\Oauth2RefreshResolver;
use SocialiteProviders\Reddit\Provider as RedditProvider;

class RedditOauth2RefreshResolver extends RedditProvider implements Oauth2RefreshResolver
    use RefreshesOauth2Tokens;

    public function __construct()
            request: request(),
            clientId: config('services.reddit.client_id'),
            clientSecret: config('services.reddit.client_secret'),
            redirectUrl: '',

        $this->guzzle = [
            RequestOptions::AUTH => [$this->clientId, $this->clientSecret],

You would then add the following to the boot method of your applications AppServiceProvider:

Socialstream::refreshesTokensForProviderUsing('reddit', RedditOauth2RefreshResolver::class);

Last updated