amkirwan / ember-oauth2

JavaScript library for using OAuth 2.0 Implicit Grant flow (Client-Side Flow) with Ember.js
MIT License

Refresh token #1

Closed cwarny closed 10 years ago

cwarny commented 11 years ago

For a provider such as Google, is there any way of getting the refresh token alongside the access token? The goal is to be able to store users in a database and be able to renew their access token when it expires. Otherwise, when the access token expires and that user comes back and generates a new access token, how can we know it's the same person?

amkirwan commented 11 years ago

The Implicit Flow (client-side flow) does not support the refresh token. You can either make the client request new access tokens or handle the refresh token server side. Google recommends simply refreshing the auth token: https://developers.google.com/api-client-library/javascript/help/faq#refresh. The meetup.com documentation has a good example of how you could update using the refresh token server side with the client-side flow: http://www.meetup.com/meetup_api/auth/#oauth2implicit.

I'll look into adding a method to the library that allows for refreshing the access_token before it expires like Google recommends.
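
The client-side renewal described in the reply above, sketched as an added example that is not part of the thread and is not ember-oauth2 code: it parses an implicit-grant redirect fragment, checks `state`, records the expiry, and builds a new authorization request once the token is close to expiring. The function names, the `auth.example.com` endpoint, the 60-second margin and all sample values are assumptions made for illustration.

```javascript
// Added example, not ember-oauth2 code. Endpoint and sample values are constructed.
const AUTHORIZE_ENDPOINT = 'https://auth.example.com/authorize'; // placeholder

// Parse the fragment the provider appends to the redirect URI (RFC 6749, section 4.2.2).
// expectedState is the random value the caller generated and stored for this request.
function parseImplicitResponse(fragment, expectedState, nowMs) {
  const p = new URLSearchParams(fragment.replace(/^#/, ''));
  if (p.has('error')) throw new Error('authorization failed: ' + p.get('error'));
  // A response whose state does not match was not triggered by this client.
  if (!expectedState || p.get('state') !== expectedState) throw new Error('state mismatch');
  const accessToken = p.get('access_token');
  if (!accessToken) throw new Error('no access_token in response');
  // The implicit grant never carries a refresh token; this example rejects one as malformed.
  if (p.has('refresh_token')) throw new Error('unexpected refresh_token');
  // expires_in is optional in the RFC; this example requires it so renewal can be scheduled.
  const expiresIn = Number(p.get('expires_in'));
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) throw new Error('bad expires_in');
  return { accessToken, expiresAt: nowMs + expiresIn * 1000 };
}

// True once the token is within skewMs of expiry, so renewal happens before API calls fail.
function needsRenewal(token, nowMs, skewMs = 60000) {
  return nowMs >= token.expiresAt - skewMs;
}

// Renewal in this flow is simply another authorization request with response_type=token.
function buildAuthorizeUrl({ clientId, redirectUri, scope, state }) {
  const u = new URL(AUTHORIZE_ENDPOINT);
  u.search = new URLSearchParams({
    response_type: 'token',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
  }).toString();
  return u.toString();
}
```
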