I am using Envato API for generating Access token and refresh token. Maximum duration for access token is 1 hour, so after 1 hour I use the refresh token to generate a new access token.
Unfortunately, unlike standard oAuth, this time (refresh token api hit) we do not get a new refresh token and using the same refresh results in a 400 error.
So, I am forced to ask user to re-authenticate via Envato and get a new access token which is not the desired way to do this.
Is this a bug or you (envato) want us to ask users to re-authenticate users again and again ?
Consider Use Case : Theme Update in WP admin - Updates stop appearing after 2 hours. Theme updates happen over a period of time in days , weeks, months. I am storing the access token call in database. Now, when user opens WP admin - updates section he’s able to see the update once via refresh token, but tokens expire every hour. So, second time (after 1 hour) the refresh token does not generate a new access token and I have to ask user to go to Options panel to re-authenticate via Envato login as the updates have stopped appearing.