I am developing an app that uses OAuth 2.0 to authorize the app. While I tried to implement the authorization within the app, I ran into a problem and spent a lot of effort solving it.
Here is what I learnt:
- If the app cannot refresh the token, it fails immediately. This can be handled better.
- The OAuth strategy can be written to request new client credentials if the refresh token fails.
- Maybe the Request method can have an option to tell the OAuth strategy not to refresh the token but instead use the existing client credentials.
Hopefully, this feedback can help further in shaping the OAuth strategy of the platform.