I thought this was discussed somewhere, but I can't find the thread.

I've updated my authorization to the one you gave me Dani. If I now start my DwArticleWatch after a while (about 2 hours, but unconfirmed) I get an error message that curl failed. I think the access token has timed out at that point (or the session associated with it). If I reload the authorization page, and go back to the watch, it works again. Do I need to implement a refresh method? Looks like it breaks earlier then the mentioned 24 hours.

Great. Trying to reproduce, but now it keeps running... 3.5 hours so far.

You need to give me something to reproduce. However, without looking at anything, this is the flow:

  • Make request to /api/oauth
  • Depending on if end-user previously authorized at any time in the past, they will be asked to authorize and then you'll get a code, or you'll just directly get a code
  • Code can be exchanged only one-time for access token and refresh token with call to /api/access_token; Access token has 24 hour lifespan and refresh token has infine lifespan (unless end-user manually revokes it)
  • Subsequent calls to /api/access_token allow you to exchange your permanent refresh token for an access token whenever you need it; Each access token is good for 24 hours; Refresh tokens have infinite lifespans and can be exchanged at any time, as many times as you need

Haven't used the refresh token yet, and the code is still running. So never mind for now.

You only need to use the refresh token for offline apps (when you need access to an active access token at a time when the user is not online and you can't send them through the flow).