ip2k / google-api-ruby-client

Automatically exported from code.google.com/p/google-api-ruby-client
Apache License 2.0

401 Oauth2 should handle token refresh flow #12

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

Current official word is:

"Do not throw away your old token when optimistic auto-refresh fails. Do throw 
away your token (actually, send it to the revocation endpoint and then throw it 
away) when you get a 401 for an API call and then a subsequent refresh fails. 
In the case of a failed API call, either the access token expired or access 
was denied. At this point your best bet is to try an auto-refresh, and send 
your old access token to the revocation endpoint. You'll either get a new 
access token (OK!) and can then try the API call again, or you will get an 
error and will have to try to explain the error to the user. In the case where 
you get a 401 and then refresh and the new token gets you a 401 too, it's 
likely you and the API are not in agreement about necessary access scopes, or 
something else broke, and in any case you should stop retrying and show the 
user an error message of some sort."

Original issue reported on code.google.com by wo...@google.com on 26 Jul 2011 at 8:51
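
The 401 path described in the quoted guidance, as an added Ruby example that is not part of the original issue and not google-api-ruby-client code. All names (`RefreshingCaller`, `Token`, `AuthorizationError`, and the injected `api_call`, `refresher`, `revoker` callables) are hypothetical; the optimistic auto-refresh case is not covered, and revocation is performed only when the refresh fails.

```ruby
# Added example; every name here is hypothetical, not google-api-ruby-client API.
class AuthorizationError < StandardError; end

Token = Struct.new(:access_token, :refresh_token)

class RefreshingCaller
  attr_reader :token

  # api_call:  ->(access_token)  { [http_status, body] }
  # refresher: ->(refresh_token) { new_access_token }  (raises on failure)
  # revoker:   ->(access_token)  { ... }  posts the token to the revocation endpoint
  def initialize(token, api_call:, refresher:, revoker:)
    @token = token
    @api_call = api_call
    @refresher = refresher
    @revoker = revoker
  end

  def call
    raise AuthorizationError, 'no token; user must re-authorize' if @token.nil?

    status, body = @api_call.call(@token.access_token)
    return [status, body] unless status == 401

    refresh_after_401!
    status, body = @api_call.call(@token.access_token)
    # Second 401 with a fresh token: likely a scope mismatch. Stop retrying.
    raise AuthorizationError, '401 again after refresh; not retrying' if status == 401

    [status, body]
  end

  private

  def refresh_after_401!
    @token = Token.new(@refresher.call(@token.refresh_token), @token.refresh_token)
  rescue StandardError => e
    # 401 followed by a failed refresh: revoke the old token, then discard it.
    begin
      @revoker.call(@token.access_token)
    rescue StandardError
      nil # revocation is best effort; the token is dropped either way
    end
    @token = nil
    raise AuthorizationError, "refresh failed after 401: #{e.message}"
  end
end
```

The caller surfaces `AuthorizationError` to the user instead of looping, so a scope mismatch cannot turn into an endless refresh-and-retry cycle.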

GoogleCodeExporter commented 9 years ago

Original comment by bobaman@google.com on 10 Jan 2012 at 7:47

GoogleCodeExporter commented 9 years ago
Added refresh + retry in the 0.5.0 release.

Original comment by sba...@google.com on 2 Nov 2012 at 8:59