Best practice for updating OAuth token

I am implementing OAuth for a project and I want to know how best to handle update tokens.

The API that I call will return a JSON object with access_token, expires_in and refresh_token. So I was wondering if it is better:

  1. Calculate the expiration time of access_token and save it in the database. Make sure the access_token has not expired with every API call, and if it has expired, use refresh_token to get a new access_token.

    (An additional question is: how can I make sure that the time I calculate for the token expiration is more accurate? Since the expires_in value probably starts from the moment the API server generated the key, and not when I get it.)

OR

  2. Just try making the API call with access_token each time, and if that fails with an error, use refresh_token.

I am also open to other options for implementing this.

+4
2 answers

The client should always be prepared to handle the error returned from the API which indicates that verification of the access_token failed. Depending on the implementation, the access token may be revoked or otherwise invalidated.

refresh_token . , 1., 2. , 2 .

, , 1. .

+2
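An added example, not part of the original question or answer: a client that checks a stored expiry before each call and also refreshes once when the API rejects the token, which covers early revocation. `TokenClient`, `refresh_fn`, `api_fn`, `SKEW` and the in-memory server in `demo()` are hypothetical names and constructed data; a 401 status as the "token invalid" signal is an assumption about the API.

```python
import time

SKEW = 30  # assumed safety margin in seconds, subtracted from expires_in

class TokenClient:
    """Checks expiry before each call and also refreshes once on a 401."""

    def __init__(self, refresh_fn, api_fn, token, clock=time.time):
        self.refresh_fn, self.api_fn, self.clock = refresh_fn, api_fn, clock
        self.refresh = None
        self._store(token, clock())

    def _store(self, token, requested_at):
        # Count the lifetime from when the token request was sent, not from when
        # the reply arrived, so the local estimate errs early rather than late.
        self.access = token["access_token"]
        self.refresh = token.get("refresh_token", self.refresh)  # may not rotate
        self.expires_at = requested_at + token["expires_in"] - SKEW

    def _renew(self):
        sent = self.clock()
        self._store(self.refresh_fn(self.refresh), sent)

    def call(self, path):
        if self.clock() >= self.expires_at:  # proactive: locally known expired
            self._renew()
        status, body = self.api_fn(path, self.access)
        if status == 401:  # reactive: revoked early, or the clocks disagree
            self._renew()
            status, body = self.api_fn(path, self.access)  # retry only once
        return status, body

def demo():
    # Constructed in-memory token endpoint and API; nothing touches the network.
    now, issued, revoked = [1000.0], [], set()
    def refresh_fn(refresh_token):
        issued.append(f"at-{len(issued) + 1}")
        return {"access_token": issued[-1], "expires_in": 3600, "refresh_token": "rt-1"}

    def api_fn(path, access_token):
        ok = access_token in issued and access_token not in revoked
        return (200, path) if ok else (401, "invalid_token")
    client = TokenClient(refresh_fn, api_fn, refresh_fn("rt-1"), clock=lambda: now[0])
    first = client.call("/me")   # fresh token, no refresh needed
    revoked.update(issued)       # server revokes it before local expiry
    second = client.call("/me")  # 401, refresh, retry succeeds
    now[0] += 3600               # now past expires_at
    third = client.call("/me")   # refreshed before the request is sent
    return first, second, third, issued
```

The retry is limited to one attempt so that a rejected refresh_token surfaces as an error instead of looping.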
