At time of writing.
Refresh tokens don’t have an expiration
You may get a new refresh token when you refresh.
Every other token, either returns the expire time in seconds in the JSON blob, or you can check the expiration time via The validation endpoint
Generally speaking
- OIDC Tokens - 15 mins none refreshable not an oAuth Token
- Implicit User oAuth Token - 60 days none refreshable, can’t auto get new one
- Regular User oAuth Token - 4 hours, refreshable
- Server to Server token - 60 days, none refreshable, can auto get new one is not a user token
This is what most people do. They either refresh the token, at the time they need to (about to make a request), or before it expries.
Usually the former.
Chat bots only need a valid “user token” to login to chat, as it’s only checked at login. Then a chatbot can mostly use a app access/server to server token for everything else. Saves you some expires there.
If I refresh subscribers into a database, I’ll refresh the token if it’s expired when I do the run. Depends if I’m using the token for something else.
So, really, you only need to refresh the token “when you are about to use it”. As apposed to “when it’s about to die”