Since we're using authorization code flow meant for long-term apps and we're performing calls on a backend (see info about it here), I think we should store the user's refresh token in the db. Then, we can also store all access token information (i.e. token, expiring in) and get a new access token whenever necessary.
Before the db, we couldn't store this information persistently, but now that we can, I think it makes sense to. This way, any function from any app can produce the header parameter for the user just from looking at their User object; right now, we're passing in the header in functions that need to make API calls.
Since we're using authorization code flow meant for long-term apps and we're performing calls on a backend (see info about it here), I think we should store the user's refresh token in the db. Then, we can also store all access token information (i.e. token, expiring in) and get a new access token whenever necessary.
Before the db, we couldn't store this information persistently, but now that we can, I think it makes sense to. This way, any function from any app can produce the header parameter for the user just from looking at their
Userobject; right now, we're passing in the header in functions that need to make API calls.