After a user has logged in, their OAuth2 access token is saved on the client system, in this case a mobile phone. What is supposed to happen when the token expires?
- Should the client do periodic checks to make sure the token isn't stale, and if it is close to expiring request a new one?
- Or, after the token has been verified on the server side during an API call of some sort, should the server also check if it's close to expiring and return a new token with whatever response was already going to be sent back?
I don't want to make the user log in every time a token has expired. That seems counterproductive to the ease of use of a mobile app.
If there is another option that I didn't include please let me know. Those are the only two I could think of.
By the way, this is a basic login. There is no Facebook, Google, Twitter, etc. login.