oauth2l currently does not invalidate or refresh expired access tokens in the cache, so after one-hour, manual cache "reset" is required to clear the expired access token. Furthermore, when manually resetting cached tokens, even the non-expired tokens are lost. This leads to having to log in many times for 3LO flow.
This problem should be addressed at two levels:
Automatically invalidating expired access tokens, without requiring manual "reset".
If possible, automatically refresh expired 3lo oauth2 access token, via the refresh token.
andyrzhao
commented
4 years ago
oauth2l currently does not invalidate or refresh expired access tokens in the cache, so after one-hour, manual cache "reset" is required to clear the expired access token. Furthermore, when manually resetting cached tokens, even the non-expired tokens are lost. This leads to having to log in many times for 3LO flow.
This problem should be addressed at two levels: