From adc60a51e1423abe7744004734cffe9e9060afaf Mon Sep 17 00:00:00 2001 From: ManHat Date: Fri, 8 Nov 2024 02:35:57 +0300 Subject: [PATCH] OAuth2 clarification --- docs/topics/OAuth2.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/topics/OAuth2.md b/docs/topics/OAuth2.md index 17202c34ff..3ad6821743 100644 --- a/docs/topics/OAuth2.md +++ b/docs/topics/OAuth2.md @@ -134,7 +134,9 @@ In response, you will receive: } ``` -Having the user's access token allows your application to make certain requests to the API on their behalf, restricted to whatever scopes were requested. `expires_in` is how long, in seconds, until the returned access token expires, allowing you to anticipate the expiration and refresh the token. To refresh, make another `POST` request to the [token URL](#DOCS_TOPICS_OAUTH2/shared-resources-oauth2-urls) with the following parameters: +Having the user's access token allows your application to make certain requests to the API on their behalf, restricted to whatever scopes were requested. `expires_in` is how long, in seconds, until the returned access token expires, allowing you to anticipate the expiration and refresh the token. The refresh token does not have a specific lifespan, though users can deauthorize your app at any time, which will cause both the active `access_token` (if any) and the `refresh_token` to expire. + +To attempt refreshing, make another `POST` request to the [token URL](#DOCS_TOPICS_OAUTH2/shared-resources-oauth2-urls) with the following parameters: - `grant_type` - must be set to `refresh_token` - `refresh_token` - the user's refresh token @@ -161,7 +163,7 @@ def refresh_token(refresh_token): return r.json() ``` -Boom; fresh [access token response](#DOCS_TOPICS_OAUTH2/authorization-code-grant-access-token-response)! +Boom; fresh [access token response](#DOCS_TOPICS_OAUTH2/authorization-code-grant-access-token-response) with a new `access_token` and `refresh_token`! ###### Token Revocation Example
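Review bot: In the first hunk (`@@ -134,7 +134,9 @@`), the added sentence says deauthorization causes the tokens "to expire", in the same paragraph where `expires_in` describes time-based expiry of the access token. Using one word for both invites readers to treat a deauthorized token like one that simply timed out. Suggest wording such as "which invalidates both the active `access_token` (if any) and the `refresh_token`". The new phrasing "To attempt refreshing" also implies the request can fail, but the text never says so directly or tells the reader what to do then. Add a sentence stating that the refresh can fail once the user has deauthorized the app, and that the application should then send the user through authorization again instead of retrying.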
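Review bot: In the second hunk (`@@ -161,7 +163,7 @@`), the changed line says the response carries a new `refresh_token`, but it does not tell the reader to store that value in place of the one just sent, nor whether the previous refresh token is still accepted afterwards. Because the first hunk states that the refresh token has no specific lifespan, a reader can reasonably conclude that the original token can be reused indefinitely and discard the new one. Suggest following this line with an explicit instruction, for example "Store the returned `refresh_token` and use it for the next refresh", and state whether the old token remains valid.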