Step 4 – Refresh your access token

The access tokens that you receive in "Step 2 – Get your access token" often aren't perpetual. Most tokens issued to you will have an expiry time. The lifetime may differ depending on the service provider you are integrating with, as well as the properties of your client, but it is usually on the order of minutes or hours. Once a token expires, it can no longer be used to access protected resources. To continue to access protected resources, you have two options:

  • Start the entire authentication process again. This may require your user to log back in.
  • Attempt to refresh the access token using the accompanying refresh token. This can be done without any user interaction, and so should be used whenever possible.
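The two options above can be combined into one decision, shown here as an added example that is not code from the book: refresh silently when the token has expired, and fall back to a full re-authentication only when the refresh fails. The token record layout, the `SKEW` margin, the `demo-client` ID and the fake token endpoint are assumptions constructed for illustration; a public client that sends `client_id` in the request body is assumed.

```python
import time
from urllib.parse import parse_qs, urlencode

SKEW = 30  # assumed safety margin in seconds: refresh slightly before expiry

class ReauthRequired(Exception):
    """Refresh is not possible; restart the authorization flow."""

def is_expired(tok, now):
    return now >= tok["obtained_at"] + tok["expires_in"] - SKEW

def build_refresh_body(tok, client_id):
    # Form-encoded body of the token-endpoint POST (RFC 6749, section 6).
    return urlencode({"grant_type": "refresh_token",
                      "refresh_token": tok["refresh_token"],
                      "client_id": client_id})

def ensure_fresh(tok, client_id, post, now=None):
    """Return a usable token record, refreshing it silently when expired."""
    now = time.time() if now is None else now
    if not is_expired(tok, now):
        return tok
    if not tok.get("refresh_token"):
        raise ReauthRequired("no refresh token was issued")
    status, body = post(build_refresh_body(tok, client_id))
    if status != 200:
        # For example invalid_grant: the refresh token expired or was revoked.
        raise ReauthRequired(body.get("error", "refresh_failed"))
    return {"access_token": body["access_token"],
            # Assumption: reuse the previous lifetime if the server omits it.
            "expires_in": body.get("expires_in", tok["expires_in"]),
            # Servers may rotate the refresh token; keep the old one otherwise.
            "refresh_token": body.get("refresh_token", tok["refresh_token"]),
            "obtained_at": now}

def fake_token_endpoint(valid_refresh_token):
    """Constructed stand-in for the provider's token endpoint (runs offline)."""
    def post(form):
        f = {k: v[0] for k, v in parse_qs(form).items()}
        if (f.get("grant_type") == "refresh_token"
                and f.get("refresh_token") == valid_refresh_token):
            return 200, {"access_token": "at-2", "expires_in": 3600,
                         "refresh_token": "rt-2"}
        return 400, {"error": "invalid_grant"}
    return post

if __name__ == "__main__":
    old = {"access_token": "at-1", "expires_in": 3600,
           "refresh_token": "rt-1", "obtained_at": 0}
    print(ensure_fresh(old, "demo-client", fake_token_endpoint("rt-1"), now=4000))
```

In a real client, `post` would send the body over TLS to the provider's token endpoint, and the updated record, including any rotated refresh token, would replace the stored one.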

What if I don't ...
