Apologies for typos if any on my phone. We have been trying to put together a solid integration for several providers and aside from Twitter and their non existent email address (oh "good bye" unique key) we have Google with their extremely short token lifetime.
For now we resorted to performing a fake refresh by pushing user through flow on clientside in js.
How would one go about refreshing token without pushing user through the oauth flow without having Offline Access accessType? As refresh tokens are only valid for this accessType.
If i am missing a trick please let me know! All the social providers seem to follow different approaches as expiry does not seem to be exactly specified anywhere so in some cases it is a unixtime stamp some it is a negative integer in seconds relative to now (im guessing it has to be based on UTC or that wont work) and ive seen some that provide expiry as a unix timestamp. Damn was there no RFC for OAuth 2??
Any insights appreciated. Thank you.
Update
Apologies for the lack of clarity. Everything works, it's just Googles OAuth tokens are so shortlived. It's not a showstopper, it's just not ideal that we have to refresh Google's OAuth tokens with JS or use 'accessType' offline.
