Renewal an oauth access token or obtaining a new one once it expires?

Question

I using quick books API in ruby via the gem quickbooks-ruby Everything is working fine. However, the one thing to note is that I don't store access token and access token secret in session. The reason is that an user in my rails application belong to an department and once an user of a particular department has gotten authenticated at quickbooks's website via oauth, all other users belonging to this user's department have to become authenticated (or connected) to quickbooks as well. So I store access_token, access_token_secret and realm_id into an user's table in db. Plus it has access_token_added_at field.

The thing about access_token is that it expires in 180 days as it's told at quickbooks's website. After that I must use reconnect.

The renewal must be made within 30 days of token expiry. Note that when your app received the token during the OAuth grant, the expiry date was calculated (180 days).

I wonder, do I necessarily have to use the renewal procedure? Can I not to use it and just replace "Connected to QuickBooks" button with "Connect to QuickBooks" in 180 day? How is renewal beneficial from receiving a new token in 180 days?

If I should use the renewal procedure, how do I force an use to renew it within the last 30 days? I have no idea because they can just turn a blind eye to the message saying "You should renew your quick book token" which I can place in my web site.

Answer 1

I wonder, do I necessarily have to use the renewal procedure?

You don't have to, but it's not terribly user friendly to force them to click a button to connect again every 180 days.

Can I not to use it and just replace "Connected to QuickBooks" button with "Connect to QuickBooks" in 180 day?

This is perfectly fine, as long as you don't mind fielding the angry "why aren't I connected to QuickBooks anymore!?!" questions from your customers.

How is renewal beneficial from receiving a new token in 180 days?

It's much more user friendly to renew for them, rather than forcing them to click a button every 180 days.

If I should use the renewal procedure, how do I force an use to renew it within the last 30 days? I have no idea because they can just turn a blind eye to the message saying "You should renew your quick book token" which I can place in my web site.

You don't even need to tell them you're doing this.

Store the timestamp when the token was set up, set up a cron script, and whenever a token is due for renewal go ahead and renew it.