First time after starting the app, I verify with oauth redirect url and then I get access token and refresh token. Here, I found access token’s expires_in field usually have about 4 hours. Therefore, I refresh with refresh token to get new access token every 4 hours. And use this new access token for any job for next 4 hour.
However, at some point the app terminates for the reason which I haven’t found yet.
Is this correct way to do so? I wondered if I was doing wrong so the app crash happens due to my incorrect way.
Also it looked like that refresh token never changes even after I get new access token. It always returns different access token but with same refresh token whenever I refresh. Is this correct that I was supposed to refresh with only one refresh token, which is given at only the 1st time via oauth redirect, permanently if the app goes live permanent length of time?
It sounds like the way you’re using refresh tokens is all good. Some apps refresh tokens before they expire so that they always have a valid access token, where as some other apps may choose to wait until they actually need to make a request before refreshing, either way is perfectly fine and it’s up to you how you go about it.
You’ll need to log what errors are happening that is causing your app to crash as there’s too little information right now to try and debug what the issue is.
As for refresh tokens changing, they actually have their own expiration (which isn’t shown as it’s not something devs need to know). While you will often get back the same refresh token each time you refresh that isn’t a certainty, and at times you will get a new refresh token as well as a new access token so make sure you always save both tokens.