RettBehrens
commented
2 years ago Hey @itsaphel this sample app is set up to refresh the tokens on demand when the user clicks the button in the UI for the purpose of demonstrating the code and the call. Any production app would need to build a recurring job around refreshing the tokens but passing the SDK the current tokenset for a new tokenset via refresh_token_set would be the same.
It doesn't seem like this implementation refreshes access tokens? I noticed some refresh-related code at https://github.com/XeroAPI/xero-ruby-oauth2-app/blob/14d2eae80b051afd4a567c1438ed3bb48afc24f3/app/controllers/application_controller.rb#L26-L33 but I can't find any references to it. It's a controller action.
Doesn't the API need to refresh tokens automatically (like in https://github.com/XeroAPI/xero-ruby/blob/master/README.md?plain=1#L246-L262), since access tokens are only valid for 30 minutes?
Bit confused with the whole refreshing mechanism TBH, and not sure why you guys made the API so complicated now and then removed access to the old simple one.