I have seen with other OAuth implementations that the refresh token TTL is refreshed or increased every time the access token is used.
The advantage of this is that a regular user of the api will not need to re-authorise weekly
Thanks,
The advantage of this is that a regular user of the api will not need to re-authorise weekly
refresh_token have a life of 1 week and after that it expires. You can refresh a new set of accees_token and refresh_token to use. I have seen these as a more or less same duration as a common practice around different oauth servers. Why do you need a refresh_token more than that life ? You can always generates a new access token and refresh token before it expire.
A Refresh Token is a special kind of token that can be used to obtain a renewed access token
4 People are following this question.