Note: This change is related to the recently announced advanced scope settings.

We're making a change to how scopes work with refresh tokens when an app is reauthorized for an account that already has the app connected.

What's changing?

When a user reauthorizes an app that is already connected, scopes that are no longer selected for the app in its auth settings will be removed from the refresh token.

This will only happen if the scope has been completely removed from the auth settings. Scopes that are still set in the auth settings that were already authorized by the app will remain on the refresh token.

Why is this changing?

Along with the new advanced scope settings, this change is designed to make sure that the scope settings for the app represent all of the possible permissions and scopes that an app has access to. This change will help remove unused scopes from existing installs.

When is this happening?

This change will be enforced on new authorizations beginning on August 26 for any apps that have enabled advanced scope groups. We strongly recommend enabling this option and testing your scopes before advanced scope group settings are required for all apps.

This will only affect new reauthorizations going forward. No existing refresh tokens or access tokens will be changed without going through the authorization process.

Please let us know if you have any questions by joining the discussion in the community.