Refreshing access_token without user interaction


#1

Hello, does OAuth2 flow on Lockitron support “refresh_token” ?
So far the API documentation doesn’t mention about refresh_token although “expires_in” is defined. If it’s not supported, do users need to enter user/password again when access_token is expired to acquire new one?
We are looking for the way how to refresh access_token without user interaction. (e.g, on behalf of user, the our service refreshes the expired token using refresh_token via OAuth2 authentication server)

Kind Regards,
Ai


#2

@aisuzuki we don’t offer one at this time, although it’s been discussed in a couple places.

All apps should handle the scenario where they unexpectedly can’t authenticate anymore and at that point direct the user back through the OAuth flow; this is because users have the ability to revoke API sessions on demand via their account settings page.


#3

Thank you for answering. I agree with your point, we’ll consider to let user back to the authentication page again.

Also do you provide list of "scope"s for OAuth2? So far I haven’t found it on documentation yet.