I have read the PODIO documentation. I have in particular contemplated the following statement concerning use of the refresh_token:

This request returns the same data as above, and you can continue to do this over and over again, to keep your application authenticated without having to ask the user to re-authenticate.

Does this mean that the refresh_token will be indefinitely valid or does it expire:

access_token

Any help would be much appreciated. TIA!
EDIT: Please see this PODIO Thread which asks the same questions but does not seem to give any conclusive answers about the PODIO implementation of the OAuth 2.0 protocol.
Refresh tokens will expire X days (or hours) after their creation. Depending on your security requirements, this expiration will be 1 month or 1 hour.
You have to make the decision taking into account aspects such as functionality and security.
If you decide to prioritize security, a short expiration could make your application annoying for the user. If you decide to prioritize functionality, your application could be more vulnerable.
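The following is an added example, not part of the answer above and not Podio's API: a client that never assumes the refresh_token is valid forever and falls back to re-authorization when the token endpoint answers `invalid_grant` (the RFC 6749 error for an expired or revoked refresh token). `FakeTokenEndpoint`, `Client`, `ReauthRequired`, the TTL values and the rotation policy are hypothetical, constructed so the code runs offline.

```python
import secrets

class FakeTokenEndpoint:
    """Constructed in-memory stand-in for an OAuth 2.0 token endpoint (not Podio's)."""
    def __init__(self, access_ttl, refresh_ttl):
        self.access_ttl, self.refresh_ttl = access_ttl, refresh_ttl
        self.refresh_expiry = {}  # refresh_token -> absolute expiry time (seconds)

    def issue(self, now):
        rt = secrets.token_urlsafe(16)
        self.refresh_expiry[rt] = now + self.refresh_ttl  # expires X seconds after creation
        return {"access_token": secrets.token_urlsafe(16),
                "refresh_token": rt, "expires_in": self.access_ttl}

    def refresh(self, refresh_token, now):
        # Assumed policy: refresh tokens are single-use and rotated on every refresh.
        expiry = self.refresh_expiry.pop(refresh_token, None)
        if expiry is None or now >= expiry:
            return {"error": "invalid_grant"}
        return self.issue(now)

class ReauthRequired(Exception):
    """The refresh token is no longer accepted; the user must authorize again."""

class Client:
    def __init__(self, endpoint, now):
        self.endpoint = endpoint
        self._store(endpoint.issue(now), now)

    def _store(self, grant, now):
        self.access_token = grant["access_token"]
        self.refresh_token = grant["refresh_token"]
        self.access_expiry = now + grant["expires_in"]

    def get_access_token(self, now):
        if now < self.access_expiry:
            return self.access_token  # still valid, no network call needed
        grant = self.endpoint.refresh(self.refresh_token, now)
        if grant.get("error") == "invalid_grant":
            self.refresh_token = None  # drop the dead credential instead of retrying it
            raise ReauthRequired("refresh token expired or revoked")
        self._store(grant, now)
        return self.access_token
```

With rotation, a client that refreshes regularly stays authenticated, while one that is idle longer than the refresh lifetime is sent back through authorization.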