
OAuth2 `expires_in` Purpose

I'm working on incorporating an external API through OAuth and am a bit lost as to the purpose of the `expires_in` property. From reading around, API token use should be coded defensively in that you should expect that the token could be invalid at any point. If this is the case, what benefit does storing the expiry time have?

Jefferson asked Oct 31 '25 18:10


1 Answer

I agree with your original point. By default ignore the `expires_in` field and reauthenticate and retry the API call with a new token if you get a 401. The `expires_in` field can be used as an optimization if required, but it does not properly deal with clock differences between client and server - or renewed token signing keys. Personally I never use `expires_in`.

Gary Archer answered Nov 03 '25 04:11
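
The retry-on-401 approach described in the answer above, as an added example that is not part of the original answer. `OAuthClient`, `fetch_token`, `send` and the 30-second margin are hypothetical names and values, and the token endpoint and API are constructed in-memory stand-ins; `expires_in` is used only as a hint for early renewal, while a 401 always triggers one reauthentication and retry.

```python
import time

class OAuthClient:
    """Treats a 401 as the authoritative expiry signal; expires_in is only a hint."""
    def __init__(self, fetch_token, send, clock=time.monotonic, margin=30):
        self._fetch_token = fetch_token  # hypothetical: returns the token response dict
        self._send = send                # hypothetical: send(token, request) -> (status, body)
        self._clock = clock              # local monotonic clock, never the server's time
        self._margin = margin            # assumed safety margin in seconds
        self._token = None
        self._renew_at = None

    def _renew(self):
        grant = self._fetch_token()
        self._token = grant["access_token"]
        ttl = grant.get("expires_in")    # optional in the token response
        self._renew_at = None if ttl is None else self._clock() + max(ttl - self._margin, 0)

    def call(self, request):
        hint_elapsed = self._renew_at is not None and self._clock() >= self._renew_at
        if self._token is None or hint_elapsed:
            self._renew()                # optimisation: skip a request that would likely 401
        status, body = self._send(self._token, request)
        if status == 401:                # token rejected early: reauthenticate, retry once
            self._renew()
            status, body = self._send(self._token, request)
        return status, body

def demo():
    """Constructed in-memory token endpoint and API, so this runs offline."""
    issued, valid, sent, now = [], set(), [], [0.0]
    def fetch_token():
        token = f"tok{len(issued) + 1}"
        issued.append(token)
        valid.clear()
        valid.add(token)
        return {"access_token": token, "expires_in": 3600}

    def send(token, request):
        sent.append(token)
        return (200, "ok") if token in valid else (401, "invalid_token")

    client = OAuthClient(fetch_token, send, clock=lambda: now[0])
    first = client.call("GET /me")
    valid.clear()                        # server invalidates tok1 long before expires_in
    second = client.call("GET /me")      # 401 on tok1, then success on tok2
    now[0] += 3600                       # local deadline passed: renew before sending
    third = client.call("GET /me")
    return first, second, third, sent
```

The retry is capped at one attempt so that a persistent 401 (for example, revoked client credentials) surfaces to the caller instead of looping.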


