I just want to be absolutely clear on how refresh_token works for the OAuth API.
The initial token for a user expires in 1 hour. However, the refresh_token lasts for 15 years.
Could I then just use that initial token, immediately generate a refresh_token, and then not have to worry about web-based token generation ever again? (15 years).
I was originally going to ask if there was a method to use the OAuth API without using any kind of Token. This is because not all server operations are driven by a user, so there will be times where the web browser authorization process could not be done, but I’d still like to access information about Meetings without any user context.
But if I can at least generate user refresh_tokens that last 15 years, I can just fake it. But is that going outside good OAuth design?
Which App Type (OAuth / Chatbot / JWT / Webhook)?
Kinda all of them.
How To Reproduce (If applicable)
Screenshots (If applicable)