Access token expire. Long running applications (e.g. ones, whose browser window/tab is not closed for a long time) may experience token expiration.
Right now, there seem to be two alternatives:
- let the user log-in again (this might badly affect user experience)
- auto-login the user again (this would require storing the user’s password internally, which is not the polite English way)
From other projects I know the alternative that a still valid token may be used to get a new one - s.th. like a “token refresh”. Token refresh usually become available after 60%-75% of the token lifetime and avoid having to store any customer credentials inside an application. A new login would then only be required if the token couldn’t be refreshed in time.
Additionally, applications normally do not have to refresh tokens themselves - that feature is usually “hidden” inside a client library and checked during every request made
Would it be possible to provide a token refresh in VoltCloud? As a consequence you could even reduce the lifetime of your tokens