Auth, How to force test an expired refreshToken?

[stevewasiura]

I have a refreshToken, and it shows an expiration value of
"exp": 1732721703
which formats as
Wed Nov 27 2024 10:35:03 GMT-0500 (Eastern Standard Time)
which is roughly 90 days.

How can I test if the refreshToken fails to authenticate, and I need to start a new session, (without waiting 90 days)?

Can I just send bad data in the refreshToken, (i.e. edit the refreshToken string, change "eyJhbGciO..." to be "XXXXXXXXXXXXXX...")
and the response from auth would be the same result (failure) as if the refreshToken was expired?

Then my code can branch and POST to "com.atproto.server.createSession" instead...

[devinivy]

You should be able to revoke a refresh token using com.atproto.server.deleteSession 👍

[stevewasiura]

Thank you!

after forcing a token revoke, and posting to .refreshSession using that revoked token :

'error' => 'ExpiredToken', 'message' => 'Token has been revoked',

after forcing a token revoke, and posting to .refreshSession using that revoked token with an edited value :

'error' => 'InvalidToken', 'message' => 'Token could not be verified',

my next question is

is it safe to use those error phrases "ExpiredToken" and "InvalidToken" as a matching condition to start a new session by posting to .createSession using the account username and app password?

or

is the occurrence of ANY error a good enough trigger to try to start a new session, so my code will not "break" if the error phrases are changed in the future... ?