Getting 'invalid_grant' error when trying to refresh Spotify access token

I keep getting an error when I try to refresh my Spotify access token. The API keeps returning {error: 'invalid_grant', error_description: 'Invalid refresh token'} even though I just got the refresh token recently.

Here’s what my code looks like:

const authString = Buffer.from(
    `${process.env.SPOTIFY_CLIENT_ID}:${process.env.SPOTIFY_CLIENT_SECRET}`
).toString("base64");

const formData = new URLSearchParams();
formData.append("grant_type", "refresh_token");
formData.append("refresh_token", process.env.SPOTIFY_REFRESH_TOKEN);

const apiCall = await fetch("https://accounts.spotify.com/api/token", {
    method: "POST",
    headers: {
        Authorization: `Basic ${authString}`,
        "Content-Type": "application/x-www-form-urlencoded"
    },
    body: formData.toString()
});

const tokenData = await apiCall.json();
console.log(tokenData);

The weird thing is that when I use the original access token for regular API calls, everything works fine. But when I try to get a fresh token using the refresh token, it fails every time. I obtained both tokens through a token generator tool online. What could be causing this issue?

Your refresh token is probably fake. Most online token generators only give you short-lived access tokens - not real refresh tokens that actually work with Spotify’s API. These tools create mock tokens that look right but can’t refresh anything.

You’ve got to do the OAuth2 flow yourself. Set up a local server for the callback, send users to Spotify’s auth page, grab the authorization code, then swap it for real access and refresh tokens.

I hit this exact same wall when I started. Wasted hours debugging until I realized the token generator was giving me garbage. Built the proper OAuth flow and it worked instantly.