Closed DesmarchelierP closed 1 year ago
The API Developers site says, "Once the refresh token lifetime has expired you will need to explicitly request access again by starting the OAuth flow from the beginning."
At Pinterest, our highest value is "Put Pinners First." (That's what we call people who use Pinterest.) We did our best to set the expiration of the refresh token to a period of time that we thought would be reasonable to go back to a Pinner and ask them for permission for access. When requesting permission, it's possible to make the process conversational and positive. Something like, "Thanks for using our app! We notice that you haven't authorized access recently, so out of respect for your privacy we would like you to reauthorize us to access Pinterest on your behalf. It will just take a few seconds..."
As mentionned in your doc, it is easy to refresh a V5 access token as it expires every month.
But what about refresh token itself ? I found no mention to refresh the refresh token.
As you have followed the rfc6749, i believed that you would also give a new refresh token as it is possible according the rfc. But when I test, I only got a new access token.
So what is the procedure to follow to obtain easily a new refresh token ?
Thanks