I thought this was discussed somewhere, but I can't find the thread.
I've updated my authorization to the one you gave me Dani. If I now start my DwArticleWatch after a while (about 2 hours, but unconfirmed) I get an error message that curl failed. I think the access token has timed out at that point (or the session associated with it). If I reload the authorization page, and go back to the watch, it works again. Do I need to implement a refresh method? Looks like it breaks earlier then the mentioned 24 hours.
You need to give me something to reproduce. However, without looking at anything, this is the flow:
Make request to /api/oauth
Depending on if end-user previously authorized at any time in the past, they will be asked to authorize and then you'll get a code, or you'll just directly get a code
Code can be exchanged only one-time for access token and refresh token with call to /api/access_token; Access token has 24 hour lifespan and refresh token has infine lifespan (unless end-user manually revokes it)
Subsequent calls to /api/access_token allow you to exchange your permanent refresh token for an access token whenever you need it; Each access token is good for 24 hours; Refresh tokens have infinite lifespans and can be exchanged at any time, as many times as you need