
Determining When to Refresh Access to Asana API


When I do the initial authentication to the Asana API with OAuth, it gives me a refresh_token as well as an expires_in of 3600 ms (1 hour).

What is the typical way of determining whether my app will need to use the refresh_token to get a new access_token?

I can think of two options:

  1. Watch for an authentication error and then request a new access_token.
  2. Store the date/time from now until 1 hour from now. Then with each API request, check the date/time to see if that time has already passed, and if so, request a new access_token.

Is there a better way than one of these two options? I don't see a recommendation from Asana in their OAuth documentation.

Thanks!


Solution

  • (I work at Asana.)

    Great question! Both of your ideas are quite reasonable and should work - pick whichever is easiest / makes sense for your implementation. #1 is a little more robust in case there is skew with the timing, but if you just add some padding (be sure to request the token 1-2 minutes before expiration) then #2 should work just fine.

    Note that it is always possible for the user to revoke the token, in which case when you go to get a new token the request will fail.

    This seems like a good thing for us to recommend in the documentation, and possibly even add an automatic mechanism for in our client libraries.
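The two options from the question can be combined, with the revoked-token case from the answer handled explicitly. This is an added example, not code from Asana or from the original post: `refresh_fn` and `api_fn` are hypothetical callables standing in for the token-endpoint request and an API request, and the endpoints in `demo()` are constructed simulations.

```python
import time

class TokenRevoked(Exception):
    """Refresh was rejected; the user has to re-authorize."""

class TokenManager:
    def __init__(self, refresh_fn, refresh_token, padding=120, clock=time.monotonic):
        self.refresh_fn = refresh_fn  # hypothetical callable: refresh_token -> JSON dict
        self.refresh_token, self.padding, self.clock = refresh_token, padding, clock
        self.access_token, self.expires_at = None, 0.0

    def refresh(self):
        resp = self.refresh_fn(self.refresh_token)
        if "access_token" not in resp:  # e.g. the user revoked the grant
            raise TokenRevoked(resp.get("error", "refresh failed"))
        self.access_token = resp["access_token"]
        self.expires_at = self.clock() + resp["expires_in"]  # seconds, per RFC 6749

    def call(self, api_fn):
        if self.access_token is None or self.clock() >= self.expires_at - self.padding:
            self.refresh()  # Option 2: proactive refresh, padded for clock skew
        status, body = api_fn(self.access_token)
        if status == 401:  # Option 1: rejected anyway, so refresh and retry once.
            self.refresh()
            status, body = api_fn(self.access_token)
        return status, body

def demo():
    """Constructed offline simulation; no real endpoint is contacted."""
    state = {"now": 0.0, "n": 0, "live": None, "revoked": False}
    def fake_refresh(_refresh_token):
        if state["revoked"]:
            return {"error": "invalid_grant"}
        state["n"] += 1
        state["live"] = f"tok{state['n']}"
        return {"access_token": state["live"], "expires_in": 3600}
    fake_api = lambda tok: (200, tok) if tok == state["live"] else (401, None)
    tm = TokenManager(fake_refresh, "constructed-refresh-token", clock=lambda: state["now"])
    out = [tm.call(fake_api)]          # first call obtains tok1
    state["now"] = 3500                # inside the padding window: proactive refresh
    out.append(tm.call(fake_api))
    state["live"] = None               # token invalidated early: 401, refresh, retry
    out.append(tm.call(fake_api))
    state.update(live=None, revoked=True)
    try:
        tm.call(fake_api)
    except TokenRevoked as exc:
        out.append(str(exc))
    return out
```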