
I understood why Access Tokens have to be expired (here is the topic), but I am a bit confused about the purpose of the expires_in:

  1. expires_in seems to be less useful than a fixed time, since there are delays in network operations and extra computation as well. Why don't we simply use a standard time (like Unix timestamp or ISO 8601)?

  2. As in that topic, if we are assuming Access Tokens are very short-lived, are we going to "bomb" the OAuth2 server with a refresh token for every operation?

Luke Vo
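
An added example, not part of the original post: a client-side cache that turns `expires_in` into a local deadline on a monotonic clock and contacts the token endpoint only once that deadline has passed. `TokenCache`, `fetch_token`, `simulate`, the 30-second margin and the fake endpoint are assumptions constructed for illustration.

```python
import time


class TokenCache:
    """Caches one access token and fetches a new one only near expiry."""

    def __init__(self, fetch_token, skew_seconds=30, clock=time.monotonic):
        self._fetch = fetch_token    # hypothetical callable returning the token response dict
        self._skew = skew_seconds    # margin for network delay and processing time
        self._clock = clock          # monotonic, so wall-clock changes do not matter
        self._token = None
        self._deadline = 0.0
        self.fetch_count = 0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._deadline:
            requested_at = now       # taken before the request is sent
            resp = self._fetch()
            self.fetch_count += 1
            self._token = resp["access_token"]
            # expires_in is a lifetime in seconds. Counting it from the moment
            # before the request keeps the local deadline at or before the
            # server's, whatever the round trip took. If the field is absent
            # the lifetime is 0 and the next call fetches again.
            lifetime = max(int(resp.get("expires_in", 0)) - self._skew, 0)
            self._deadline = requested_at + lifetime
        return self._token


def simulate(calls=100, seconds_between_calls=10, expires_in=300):
    """Constructed scenario with a fake clock and a fake token endpoint."""
    clock = {"t": 1000.0}
    issued = []

    def fake_endpoint():
        issued.append(clock["t"])
        clock["t"] += 0.5            # constructed network round trip
        return {"access_token": f"tok-{len(issued)}",
                "token_type": "Bearer", "expires_in": expires_in}

    cache = TokenCache(fake_endpoint, skew_seconds=30, clock=lambda: clock["t"])
    for _ in range(calls):
        cache.get()                  # one API operation needing a token
        clock["t"] += seconds_between_calls
    return cache.fetch_count
```

With the default arguments, 100 operations spread over roughly 1000 seconds reach the token endpoint 4 times.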

0 Answers