1
votes

I am following the OAuth 2.0 authentication protocol.

There, it's said that in the Authorization code flow, after getting the OAuth access token, we need to refresh it using the refresh token if the access_token is expired.

My question is: how do we know whether the access_token is expired or not, so that we can claim a new access token with the help of the refresh_token?


2 Answers

1
votes

Your token array should look like this one.

tokens[token] = { "userID": userID, "clientID": clientID, "expires_in": expires, "refreshToken": refreshToken };

expires = current time + 30 mins (assume your token will expire after 30 mins). In your protected route you should compare the current time with that expiration. If the token has expired, you will issue a new token using the refresh token.

0
votes

Just remember the time when the access token will expire when you get it. When you obtain the access token you can check the expires_in parameter. See the OAuth 2.0 specification: https://tools.ietf.org/html/rfc6749#section-4.1.4

You should also handle the Invalid Token Error and get a new token when the old one is expired. See the description: https://tools.ietf.org/html/rfc6749#section-1.5
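
Added example, not part of either answer: a client-side sketch that combines both suggestions, recording an absolute expiry from expires_in and falling back to a single refresh-and-retry when the server answers 401. All function names are hypothetical, and `send` and `refresh` are injected synchronous stand-ins for the real HTTP calls so the block runs offline.

```javascript
// Added example: client-side expiry tracking per RFC 6749 section 5.1 (expires_in is
// a lifetime in seconds) plus a 401 fallback. All names here are hypothetical.
const SKEW_MS = 30 * 1000; // refresh slightly early to absorb clock skew and latency

// Convert a token response into a record with an absolute expiry time.
function storeTokenResponse(resp, nowMs, previous) {
  return {
    accessToken: resp.access_token,
    // The server may omit a new refresh token; keep the old one in that case.
    refreshToken: resp.refresh_token || (previous && previous.refreshToken),
    // expires_in is optional; null means "unknown, rely on the 401 path".
    expiresAt: typeof resp.expires_in === "number" ? nowMs + resp.expires_in * 1000 : null,
  };
}

function isExpired(record, nowMs) {
  return record.expiresAt !== null && nowMs >= record.expiresAt - SKEW_MS;
}

// send(accessToken) -> { status, body }; refresh(refreshToken) -> token response.
// Both are injected stand-ins for real HTTP calls (constructed for this example).
function callApi(state, send, refresh, now) {
  if (isExpired(state.record, now())) {
    state.record = storeTokenResponse(refresh(state.record.refreshToken), now(), state.record);
  }
  let res = send(state.record.accessToken);
  if (res.status === 401) {
    // Token rejected despite the local clock (revoked, or expires_in was absent):
    // refresh once and retry once, never loop.
    state.record = storeTokenResponse(refresh(state.record.refreshToken), now(), state.record);
    res = send(state.record.accessToken);
  }
  return res;
}

// Constructed demo: a fake server whose tokens live 1800 s (the 30 minutes above).
function demo() {
  let clock = 0, issued = 0, valid = null;
  const refresh = () => { valid = "at-" + (++issued); return { access_token: valid, expires_in: 1800 }; };
  const send = (t) => (t === valid ? { status: 200, body: "ok" } : { status: 401, body: "invalid_token" });
  const state = { record: storeTokenResponse({ ...refresh(), refresh_token: "rt-1" }, clock) };
  const first = callApi(state, send, refresh, () => clock).status;   // fresh token
  clock += 1790 * 1000;                                               // inside the skew window
  const second = callApi(state, send, refresh, () => clock).status;  // proactive refresh
  valid = "revoked-elsewhere";                                        // server-side revocation
  const third = callApi(state, send, refresh, () => clock).status;   // 401 then retry
  return { first, second, third, issued, refreshToken: state.record.refreshToken };
}
```

The local expiry check only saves a round trip; the resource server's response stays authoritative, which is why the 401 path is kept even when expires_in is present.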