Appearance
Threads
OAuth 2.0 via the Threads Graph API. Two-stage exchange: short-lived token → long-lived token via the th_exchange_token grant. Sosyabot stores { accessToken, userId, expiresAt }.
Authentication at a glance
| Field | Value |
|---|---|
| Auth model | OAuth 2.0 |
| Required ENV | THREADS_APP_ID, THREADS_APP_SECRET |
| Callback URL | ${BASE_URL}/api/v1/auth/threads/callback |
| Scopes / permissions | threads_basic, threads_content_publish |
| Auto token refresh | Yes — every 7 days before expiry |
How to connect
- Open Connections → Threads → Connect.
- Sign in to Threads (Meta) and grant the scopes.
- Sosyabot completes the two-stage token exchange and saves the long-lived token.
Token refresh
Auto-refreshed. The tokenRefresh.queue.ts worker sweeps Threads accounts and refreshes any token whose expiresAt is within 7 days, calling POST /v1.0/refresh_access_token?grant_type=th_refresh_token.
Notes
- Default token TTL is 60 days; the auto-refresh keeps you signed in indefinitely as long as the worker runs.
- The Meta app must be configured with the Threads product, not just the Graph API.
- If
expiresAtis missing on legacy connections, the worker assumes 60 days fromupdatedAtand proceeds.
Troubleshooting
If the channel shows needs_reconnect, the access token was rejected by Threads. Common causes:
- The user revoked Sosyabot's authorization on the platform.
- The platform invalidated the token (password change, security event).
- Your OAuth app credentials rotated and the existing tokens no longer match.
Re-run the connect flow above. See Troubleshooting for the workspace-wide checklist.