Summary
Instagram long-lived tokens expire every 60 days and must be refreshed before expiry. Currently there is no automatic refresh mechanism — the token for @extrachill expired on March 14, 2026 and went unnoticed for over a month, completely disabling Instagram publishing.
This needs to be solved generically for all OAuth-connected platforms, but Instagram is the most critical because:
- IG is where our main following is
- IG tokens have the shortest refresh window (60 days)
- A silent failure here means all Studio social workflows break with no feedback
Current State
BaseAuthProvider stores token_expires_at in the network datamachine_auth_data site optionInstagramAuth::SCOPES requests the right permissionsInstagramAuth has refresh logic that works during the OAuth flow- No scheduled task checks approaching expiry and refreshes proactively
- No notification when a token is approaching expiry or has expired
Proposed Solution
1. System Agent Task: Token Health Check
Add a TokenRefreshTask to the Data Machine System Agent that runs daily:
- Scan all connected platforms in
datamachine_auth_data
- For each platform with a
token_expires_at, check if expiry is within 7 days
- If approaching expiry: attempt silent refresh using the platform's refresh endpoint
- If refresh fails or token is already expired: log a warning and trigger a notification
2. Platform Refresh Methods
Each auth handler already knows its refresh endpoint. Add a refresh_token() method to BaseOAuth2Provider that:
- Calls the platform's token refresh endpoint with the current refresh token
- Updates
datamachine_auth_data with the new token and expiry
- Returns success/failure
3. Notification on Failure
When auto-refresh fails, fire an action that platform plugins can hook into:
do_action('datamachine_oauth_token_expired', $platform, $expires_at)- Extra Chill can hook this to send an email, Discord notification, or admin notice
4. CLI Command for Manual Check
wp datamachine-socials auth status should show expiry for all connected platforms with a warning flag for approaching/past expiry.
Platforms and Their Token Lifetimes
| Platform |
Token Lifetime |
Refresh Window |
| Instagram |
60 days |
Any time before expiry |
| Facebook |
60 days |
Any time before expiry |
| Twitter/X |
2 hours (OAuth 2) |
Uses refresh token |
| Bluesky |
No expiry |
N/A |
| Reddit |
No expiry |
N/A |
| Pinterest |
No expiry |
N/A |
Instagram and Facebook are the most critical due to the 60-day window.
Priority
High — this is site reliability. A silent token expiry completely disables social publishing with no indication to the team.
Summary
Instagram long-lived tokens expire every 60 days and must be refreshed before expiry. Currently there is no automatic refresh mechanism — the token for @extrachill expired on March 14, 2026 and went unnoticed for over a month, completely disabling Instagram publishing.
This needs to be solved generically for all OAuth-connected platforms, but Instagram is the most critical because:
Current State
BaseAuthProviderstorestoken_expires_atin the networkdatamachine_auth_datasite optionInstagramAuth::SCOPESrequests the right permissionsInstagramAuthhas refresh logic that works during the OAuth flowProposed Solution
1. System Agent Task: Token Health Check
Add a
TokenRefreshTaskto the Data Machine System Agent that runs daily:datamachine_auth_datatoken_expires_at, check if expiry is within 7 days2. Platform Refresh Methods
Each auth handler already knows its refresh endpoint. Add a
refresh_token()method toBaseOAuth2Providerthat:datamachine_auth_datawith the new token and expiry3. Notification on Failure
When auto-refresh fails, fire an action that platform plugins can hook into:
do_action('datamachine_oauth_token_expired', $platform, $expires_at)4. CLI Command for Manual Check
wp datamachine-socials auth statusshould show expiry for all connected platforms with a warning flag for approaching/past expiry.Platforms and Their Token Lifetimes
Instagram and Facebook are the most critical due to the 60-day window.
Priority
High — this is site reliability. A silent token expiry completely disables social publishing with no indication to the team.