EMA C++ Developers Guide : 6 Consuming Data from the Cloud : 6.4 Version 1 Authentication Using oAuth Password and Refresh_Token : 6.4.3 Refreshing the Access Token and Sending a Login Reissue
 
6.4.3 Refreshing the Access Token and Sending a Login Reissue
In response to the API’s token request, the Delivery Platform sends an access token and a refresh token, both with associated expiration timeouts which set the length of time for which the token is valid. If the LSEG Real-Time Advanced Distribution Server does not receive a new access token before the end of the expiration timeout, the LSEG Real-Time Advanced Distribution Server sends a login close status message and closes the connection.
 
NOTE: The life cycle of OmmConsumer in the Enterprise Message API depends on the state of the login stream because the Enterprise Message API closes the underlying channel whenever the API receives a close status message from LSEG Real-Time Advanced Distribution Server. To recover from this scenario, the application must create another OmmConsumer and resubscribe to all applicable items.
To create a seamless experience for API users, the API sends the refresh token to proactively obtain a new access token prior to the published expiration timeout. The Enterprise Message API calculates the time at which it requests a new access token by multiplying the token’s published timeout by 4/5 (i.e., 0.8).
In response to receiving a refresh token, the Delivery Platform sends a new access token with an associated timeout to the API. After receiving the new access token from the Delivery Platform, the API renews its connection by sending a Login Reissue with the new access token to the LSEG Real-Time Advanced Distribution Server. The process of renewing the access token and refreshing the LSEG Real-Time Advanced Distribution Server connection via a Login Reissue continues until the refresh token itself expires (which can take several hours or days). When using a grant_type of refresh_token, if the value for expires_in does not match the expires_in received from when the API obtained the refresh_token (i.e., when grant_type was password), this is an indication that the refresh_token is about to expire. In this case, the API will obtain a new set of both refresh and access tokens as described in Section 6.4.2.
The login reissue process is illustrated in the following diagram:
Figure 3. Login Reissue