Online App Authentication using OAuth

amit_vickey

Hi,

I'm trying to create an app that works on online access tokens. As per the docs, when the user clicks the "Install" button, an authorization_code is sent to the redirect_uri, using which an access_token can be generated via the endpoint /admin/oauth/access_token. This all happens during app installation. Now, online access tokens expire as soon as the web session expires (or beyond a certain expiry time). How do I re-generate the tokens, i.e. if in the future the same or a different user uses the app, what's the endpoint to generate the online access tokens?
What's the validity of the authorization_code?
Also, can I use the same refresh_token to re-generate a fresh access_token?

amit_vickey
  1. Once the app is successfully installed (i.e. the access tokens are generated successfully), the token will be at the user level. So after successful app installation, we have an access token for one user. What about the access token for other users?
  2. If an unexpired online access token is refreshed/rotated, is a new access token generated, or is the same access token returned with an extended validity?
  3. To successfully rotate an expired/unexpired access token, are both a new API Secret Key and a new Refresh Token needed?
  4. Is there any REST API to generate a new API Secret Key and/or Refresh Token (whichever is needed to rotate an access token)?