I built a private app for a client about a year ago that allows him to set up HTTP posts throughout sales campaign sequences in his CRM that automate text messages from his team to clients. I'm wondering if this would be possible in a public application. Since the password auth flow isn't available in public applications, is there any way to re-authenticate a client in the background? The only way I can think of would be to encrypt and store a token (not ideal) and then re-use it when a request is made to our server. This would still require users to log in and obtain a new token on a regular basis, which detracts from the 'automation' appeal. If storing and reusing access tokens is what you'd recommend, what is the max that the 'refresh_token_expires_in' value can be set to?
Just double checking - a private application can only send messages from the account it was built for, correct?