As per #54 , this package should have a way for people to refresh their tokens and a way of knowing if they are invalid or expired.
Typically, when a token is expired, the web application should try to refresh it and get the new one seamlessly in case a request to a protected resource fails. Having a function that refreshes the token given an access token should make it easy for people to do so.
The package calls the /authorize end point and receives an access token.
An OAuth 2.0 refresh token. The app can use this token to acquire other access tokens after the current access token expires. Refresh tokens are long-lived. They can maintain access to resources for extended periods. For more detail on refreshing an access token, refer to Refresh the access token later in this article.
Note: Only provided if offline_access scope was requested.
The client user should have access to the refresh token, as well.
As per #54 , this package should have a way for people to refresh their tokens and a way of knowing if they are invalid or expired.
Typically, when a token is expired, the web application should try to refresh it and get the new one seamlessly in case a request to a protected resource fails. Having a function that refreshes the token given an access token should make it easy for people to do so. The package calls the
/authorize
end point and receives an access token.According to https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow, we should be able to also return the refresh token.
The client user should have access to the refresh token, as well.