Refresh token and refresh_token_expires_in

[IsraelOrtuno]

Hello! I am rising the issue here as I cannot find specific information about this on the internet and I thought you could know about it since you already developed a package. Sorry as I know this is not the right place but can be relevant to the package.

I saw on TikTok's docs that the refresh_token expires in 365 days and refresh_token_expires_in is giving less and less time every time you refresh the access_token which is fine.

My question is what happens after those 365 days and that refresh_token expires, do you need to get authorised again? Or at some point you get a different refresh_token that will last for longer so your user do not have to re-authorise the application again? The documentation says that the refresh_token may be different (I haven't got any different yet) so you should always store it, that's why I wonder if the refresh_token_expires_in could get increased at some point too.

Thanks in advance!

[chanioxaris]

Hello Israel, unfortunately i am not able to help you, as i am not aware either how TikTok OAuth flow works for refresh tokens. Most OAuth providers, when you refresh an access token, they provide you with a new refresh token but that's not the case with TikTok, which makes sense to be honest as the refresh token has a bing expiration period of 365 days as you mentioned. My best guess would be that, TikTok will return a new refresh token while authenticating or requesting a new access token, when it's about to expire soon (e.g. 1 week or so)