As I'm not sure in which level to solve this issue, I am including all possibilities in this thread.
I am trying to allow users of my application (DRF API) to connect their Autodesk account with their account on my platform. This should match the case B on this Autodesk article. However, in contrast from other providers I've seen, Autodesk refresh token expires after 15 days. If the user doesn't use the system for longer than 15 days and if I don't refresh it somehow automatically, they will have to re-connect their account.
This is basically my question. How should I deal with this issue? I am storing refresh tokens on the database, linked to the user profile. Should I implement a way to automatically refresh the token for the user, so they don't have to re-authenticate? What is the usual approach for this scenario?
Yes, implementing a way/background service to keep the access token & refresh token fresh automatically on your side is recommended in this scenario.
Here is the API call example:
curl -v 'https://developer.api.autodesk.com/authentication/v2/token'
-X 'POST'
-H 'Content-Type: application/x-www-form-urlencoded'
-H 'Accept: application/json'
-H 'Authorization: Basic RjZEbjh5cGVtMWo4UDZzVXo4SVgzcG1Tc09BOTlHVVQ6QVNOa3c4S3F6MXQwV1hISw==' \
-d 'grant_type=refresh_token'
-d 'refresh_token=GwA1Yc4MOVulVsArZTAz4WxzysDrlEKgfrC06RAyZN'
-d 'scope=data:read'
ref: https://aps.autodesk.com/en/docs/oauth/v2/reference/http/gettoken-POST/#example-3