I'm a bit puzzled how to use auth_ and refresh_token correctly in PHP.
I have registered a new client app with the oauth-provider. After that, my app sends the client-id and secret to the oauth2-authorization-endpoint, which returns the following:
```
Array
(
    [result] => Array
        (
            [access_token] => qjdcshsmgwcuvi7hzpgxwqapfb8aoab60fmprk1g
            [expires_in] => 86400
            [token_type] => Bearer
            [scope] => basic
            [refresh_token] => whnutk9npmaikcn1bxbovleuqn9ggn9j00jgyiph
        )
    [code] => 200
    [content_type] => application/json
)
```
Great, I can now query the API using the access_token. BUT the access_token will expire in 24h and the whole dance will start again.
Questions:
- Where do I store the access_token so that the whole process does not run on every request? (A session will not be persistent; in a conf file, memcache, a DB?)
- How do I deal with the refresh token? Should I save a timestamp in the session and check if a new access_token has to be requested?
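
Added example, not part of the original post and not the provider's code: a server-side token cache that stores an absolute expiry next to the tokens, reuses the access_token until shortly before that time, and only then spends the refresh_token. The `TokenCache` class, the `$request` callable, the file-based storage and the `client_credentials` initial grant are assumptions for illustration; the stub returns constructed tokens so the script runs offline.

```php
<?php
// Added example. $request is a hypothetical callable that POSTs $params (plus the
// client credentials) to the provider's token endpoint and returns the decoded
// JSON array, or null on failure.
final class TokenCache
{
    private const SKEW = 60; // renew this many seconds before the stated expiry
    public function __construct(
        private string $file,
        private \Closure $request,
        private array $initialGrant   // parameters of the first token request
    ) {}

    public function accessToken(): string
    {
        $t = json_decode((string) @file_get_contents($this->file), true);
        if (is_array($t) && $t['expires_at'] - self::SKEW > time()) {
            return $t['access_token'];            // cached token still valid
        }
        $new = null;
        if (is_array($t) && !empty($t['refresh_token'])) {
            $new = ($this->request)(['grant_type' => 'refresh_token',
                                     'refresh_token' => $t['refresh_token']]);
        }
        $new ??= ($this->request)($this->initialGrant); // no or rejected refresh token
        if (!isset($new['access_token'], $new['expires_in'])) {
            throw new \RuntimeException('token endpoint returned no access_token');
        }
        // Store an absolute expiry; keep the old refresh token if none was reissued.
        $new['expires_at'] = time() + (int) $new['expires_in'];
        $new['refresh_token'] ??= $t['refresh_token'] ?? null;
        $old = umask(0077);                       // a newly created file is owner-only
        file_put_contents($this->file, json_encode($new), LOCK_EX);
        umask($old);
        return $new['access_token'];
    }
}

// Constructed stub in place of the HTTP call; tokens are made-up values.
$calls = 0;
$stub = function (array $params) use (&$calls): ?array {
    $calls++;
    return ['access_token' => "constructed-$calls", 'expires_in' => 86400,
            'refresh_token' => 'constructed-refresh'];
};
$cache = new TokenCache(tempnam(sys_get_temp_dir(), 'tok'), $stub,
                        ['grant_type' => 'client_credentials']); // assumed grant
$cache->accessToken();
echo $cache->accessToken(), " after $calls endpoint call(s)\n";
```

The refresh_token is a long-lived credential, so whatever store replaces the file here (database row, memcache entry) should be readable only by the application and kept out of the web root and version control.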