Android OAUTH: Refreshing my token

Question

In my Android application, I'm using OAUTH to authenticate with a service. When I authenticate I get an access_token and a refresh_token; pretty standard.

The access token expire every hour, and you need to use your refresh token to get a new access token. Should I have a service that runs once an hour to refresh that for the user - or is it acceptable to have refresh token call every time I make a call to the server? I know it would have more network usage for the user for the latter case, but we're talking negligible amounts of data even for 50 token refreshes.

Thanks for any advice!

you can also catch 401 errors, refresh token and then replay the requests — Sarantis Tofas, Jun 19 '17 at 00:02

score 0 · Answer 1 · answered Aug 09 '17 at 22:30

You can have a service which runs every 50 mins to refresh your token or whenever you receive invalid token, token expired response you can refresh the token. I would prefer 50min refresh, that way you don't have to hit the OAuth server for tokens for every request.

Android OAUTH: Refreshing my token

1 Answers1