So, I know that the access token is always received when the user logs in and is valid for 1 hour. And the refresh token is also received, but only when the user is prompted to agree to the rights. This refresh token can be used offline.

Do I have to refresh the access token? What is the point of the access token, if all I need is that refresh token? I'm so confused.

Especially what's the point of this code?

    $refresh = $this->getRefreshToken();
    if ($refresh) {
        $res = $this->fetchAccessTokenWithRefreshToken($refresh);
    }

Martin Zvarík
You can only access the protected resource with the access token. You use the refresh token to obtain a new access token, in case the access token expired. I'm not sure what you mean when you say the refresh token can be used offline. What is the point of an auth token if you cannot reach the resource you're trying to authorize against? – Noah Mar 18 '21 at 20:26

1 Answer

The refresh token is required in order to get a new access token after it expires. Otherwise the user will have to authenticate again. The code basically means:

    $refresh = $this->getRefreshToken(); // Get me my refresh token
    if ($refresh) { // If I have a refresh token
        // Here's my refresh token, get me a new access token
        $res = $this->fetchAccessTokenWithRefreshToken($refresh);
    }
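
The lifecycle described above, as an added example that is not part of the original answer or of the Google client library: the access token is what gets sent to the API, and the refresh token is only used to mint a new one after expiry. `fakeTokenEndpoint()`, `isExpired()`, `ensureAccessToken()`, the 30-second skew and all token values are hypothetical, constructed stand-ins so the flow runs offline.

```php
<?php
// Added example: models the access/refresh token lifecycle without any library.
// All function names and token values below are constructed for illustration.

/** Hypothetical stand-in for the authorization server's token endpoint. */
function fakeTokenEndpoint(string $refreshToken, int $now): array
{
    if ($refreshToken !== 'constructed-refresh-token') {
        return ['error' => 'invalid_grant']; // revoked or unknown refresh token
    }
    // Modeled here: the refresh response carries a new access token only.
    return ['access_token' => 'at-' . $now, 'expires_in' => 3600, 'created' => $now];
}

/** True when the access token is missing or within $skew seconds of expiry. */
function isExpired(array $token, int $now, int $skew = 30): bool
{
    if (empty($token['access_token'])) {
        return true;
    }
    return ($token['created'] + $token['expires_in'] - $skew) <= $now;
}

/** Returns a token with a usable access token, or throws if a new login is needed. */
function ensureAccessToken(array $token, int $now): array
{
    if (!isExpired($token, $now)) {
        return $token; // still valid: call the API with it as-is
    }
    $refresh = $token['refresh_token'] ?? null;
    if (!$refresh) {
        throw new RuntimeException('No refresh token: user must authenticate again');
    }
    $new = fakeTokenEndpoint($refresh, $now);
    if (isset($new['error'])) {
        throw new RuntimeException('Refresh failed: ' . $new['error']);
    }
    // Keep the stored refresh token when the response did not include one.
    $new['refresh_token'] = $new['refresh_token'] ?? $refresh;
    return $new;
}

// Constructed token as it might be stored after the first consented login at t=0.
$stored = ['access_token' => 'at-0', 'expires_in' => 3600, 'created' => 0,
           'refresh_token' => 'constructed-refresh-token'];

$t1 = ensureAccessToken($stored, 1800); // within the hour: token is reused
$t2 = ensureAccessToken($stored, 4000); // past expiry: refresh token is exchanged
echo $t1['access_token'], "\n", $t2['access_token'], "\n", $t2['refresh_token'], "\n";
```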