I´m a bit puzzled how to use auth_ and refresh_token correctly in php.
I have registered a new client app with the oauth-provider. After that my app sends the client-id and secret to the oauth2-authorization-endpoint which returns following:
Array ( [result] => Array ( [access_token] => qjdcshsmgwcuvi7hzpgxwqapfb8aoab60fmprk1g [expires_in] => 86400 [token_type] => Bearer [scope] => basic [refresh_token] => whnutk9npmaikcn1bxbovleuqn9ggn9j00jgyiph ) [code] => 200 [content_type] => application/json )
Great, I can now query the API by use of access_token. BUT the access_token will expire in 24h and the whole dance will start again.
- where do I store the access_token that the whole process does not run on every request? A session will not be persistent, in a conf file, memcache a DB?)
- How to deal with the refresh token should I save a timestamp in the session and check if a new access_token has to be requested?