Currently there’s support to have the Client.AutoRefreshSession, but that only refreshes the session token, so if the refresh token has expired those calls will fail.
What would the best strategy be there? And if the session token can have an expiry date of something like 1-7 days, what’s a good value for the refresh token? 30 days? I’m thinking we could re-authenticate every ~15 days and have the refresh token expire after 30 days. Something like that. But I would be glad to get some light shed on what the best practice is. It’s apparently a common thing to have these two tokens, but it’s new to me.
Generally, you use the refresh token to refresh an expired session without requiring the user to re-authenticate. Once both the session and refresh token have expired you should re-authenticate the user again using their credentials.
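
The fallback order described in the answer above, as an added example that is not part of the original thread or of any client library. It assumes both tokens are JWTs carrying an `exp` claim; `refresh` and `authenticate` are hypothetical callbacks standing in for the real server calls, and the sample tokens are constructed.

```python
import base64
import json
import time

SKEW = 30  # seconds of margin so a token is not sent moments before it expires


def jwt_exp(token):
    """Read the `exp` claim (Unix seconds) from a JWT payload.

    No signature check: the client only uses this for scheduling; the server
    remains the authority on whether a token is still valid.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])


def is_live(token, now):
    """True if the token exists and will not expire within SKEW seconds."""
    return bool(token) and jwt_exp(token) - SKEW > now


def ensure_session(tokens, refresh, authenticate, now=None):
    """Return (tokens, action) following session -> refresh -> credentials.

    `refresh(refresh_token)` and `authenticate()` are hypothetical callbacks
    that return a new {"session": ..., "refresh": ...} dict.
    """
    now = time.time() if now is None else now
    if is_live(tokens.get("session"), now):
        return tokens, "use_session"
    if is_live(tokens.get("refresh"), now):
        try:
            return refresh(tokens["refresh"]), "refreshed"
        except PermissionError:
            pass  # server rejected it (for example revoked): use credentials
    return authenticate(), "reauthenticated"


def make_token(exp):
    """Constructed, unsigned sample token used only to exercise the logic."""
    body = base64.urlsafe_b64encode(json.dumps({"exp": exp}).encode()).rstrip(b"=")
    return "e30." + body.decode() + ".sig"
```

Reading `exp` on the client only avoids sending a token that is already known to be dead; a refresh the server rejects still ends in re-authentication with credentials.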