3

So is there a way to assure that single user after one authentication cycle, doesn't need to authorize via web browser again? Something like neverending access_token?

This would be nice because my app is syncing calendar events in both ways real time using webhooks.

It seems like you should refresh your access_token every 14 days and it's possible max. 90 days, after that you have to login again via browser to give your app an access, is that right? Ofc, I also read that, if user changes password it revokes access_token too..

NOTE: I read somehwere that daemon service has neverending access_token, but webhooks doesn't work with that?

lehtu
  • 868
  • 1
  • 12
  • 27

1 Answers1

0

You can always use the existing refresh_token to get new access_token behind the scene.

user3660575
  • 57
  • 9
  • Well, this is only partially true. see Arlouski's link: http://stackoverflow.com/questions/35353319/oauth-grant-flow-tokens-expiration – lehtu Oct 19 '16 at 19:23
  • Currently, I am doing the same stuff with a client of mine and refreshing access_token periodically. If a resource owner decides to remove the grant of the app or updates the password, we would need to do oauth step again. – user3660575 Oct 19 '16 at 19:30