Infinite OAuth token rotation for machine-to-machine connection

Problem description

I am trying to send a POST request to the https://apiexplorer.nationbuilder.com/ API as a side effect in a Rails controller.

As far as I can tell, this API requires you to use OAuth 2.0. Is there a way to keep OAuth tokens alive forever, so that the end user doesn't have to know about third-party API authentication?

I am thinking that requesting a new refresh token every X minutes in a CRON task and then storing it in either Rails server instance memory or DB (PG, Redis) might solve this issue, but if possible I would want to avoid these architecture changes.

I was also considering initializing the app with an access token and then refreshing the refresh token on every request, but what happens if no one uses the application for a long time and the access and refresh tokens expire?

EDIT:

It turns out that when it comes to NationBuilder you can request the initial access_token and it never expires unless it is revoked.

But the general question is still:

How would one keep expiring OAuth sessions alive on the server side without ever needing to ask for re-authentication?

Tags: ruby-on-rails, authentication, oauth-2.0, server-to-server
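
The approach raised in the question (keep the tokens server-side and refresh them before they expire), as an added example that is not part of the original post. `TokenManager`, `ReauthorizationRequired`, `FakeProvider` and the Hash-based store are hypothetical names; the exchange callable is assumed to perform the standard OAuth 2.0 refresh-token grant (RFC 6749, section 6) and to add the client credentials itself.

```ruby
# Added example; all names are hypothetical. `store` stands in for a PG row or Redis key.
class ReauthorizationRequired < StandardError; end

class TokenManager
  SKEW = 60 # refresh this many seconds before the access token expires

  # exchange: callable that sends the refresh request and returns the parsed JSON as a Hash
  def initialize(store:, exchange:, clock: -> { Time.now.to_i })
    @store, @exchange, @clock = store, exchange, clock
    @lock = Mutex.new # one refresh at a time: a rotated refresh token is single-use
  end

  def access_token
    @lock.synchronize do
      refresh! if @store[:access_token].nil? || @clock.call >= @store[:expires_at].to_i - SKEW
      @store[:access_token]
    end
  end

  private

  def refresh!
    resp = @exchange.call({ grant_type: "refresh_token", refresh_token: @store[:refresh_token] })
    # e.g. invalid_grant: the refresh token expired or was revoked, so the user must re-authorize
    raise ReauthorizationRequired, resp["error"] if resp["error"]

    @store[:access_token] = resp.fetch("access_token")
    @store[:expires_at] = @clock.call + Integer(resp.fetch("expires_in"))
    # Persist the rotated refresh token when one is issued; otherwise keep the current one.
    @store[:refresh_token] = resp["refresh_token"] || @store[:refresh_token]
  end
end

# Constructed stand-in for a provider's token endpoint that rotates refresh tokens.
class FakeProvider
  attr_reader :calls

  def initialize
    @valid = "rt-0"
    @calls = 0
  end

  def call(params)
    @calls += 1
    return { "error" => "invalid_grant" } unless params[:refresh_token] == @valid

    @valid = "rt-#{@calls}"
    { "access_token" => "at-#{@calls}", "expires_in" => 600, "refresh_token" => @valid }
  end
end
```

The `Mutex` only serializes refreshes inside one process; with several Rails processes sharing the store, the refresh needs a row lock or a Redis lock instead, and the stored refresh token should be encrypted at rest.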

Solution

