Store token or disable/revoke it

You’re thinking about the authentication flow correctly, specifically that you’ll need to store the tokens you receive for each user of your app.

It sounds like you’re using User Access Tokens, which are issued with an expiration time (about 4 hours from creation). When a token expires you can use the refresh token to get another access token. That route is an alternative to forcing the user to re-authorize your application every 4 hours or so.

Using tokens in this way seems to be conventional for OAuth systems, so there are other resources out there that may help:

Also, I think you explained your problem clearly, and reading your English is no problem :+1:
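The store-and-refresh flow described in the reply above, as an added example that is not part of the original post. `TokenStore`, `ReauthorizationRequired` and `refresh_fn` are hypothetical names; `refresh_fn` stands in for the call to your provider's token endpoint, and the response fields follow the standard OAuth 2.0 token response.

```python
import time
from dataclasses import dataclass


class ReauthorizationRequired(Exception):
    """No usable token for this user; send them through authorization again."""


@dataclass
class TokenRecord:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute expiry time, in seconds


class TokenStore:
    """Per-user token storage (in memory here; persist and protect it in a real app)."""

    def __init__(self, refresh_fn, clock=time.time, skew=60):
        self._refresh_fn = refresh_fn  # hypothetical: exchanges a refresh token for new tokens
        self._clock = clock
        self._skew = skew              # refresh slightly early to avoid using a dying token
        self._records = {}

    def save(self, user_id, access_token, refresh_token, expires_in):
        expires_at = self._clock() + expires_in
        self._records[user_id] = TokenRecord(access_token, refresh_token, expires_at)

    def get_access_token(self, user_id):
        rec = self._records.get(user_id)
        if rec is None:
            raise ReauthorizationRequired(user_id)
        if self._clock() < rec.expires_at - self._skew:
            return rec.access_token  # still valid, no network call needed
        try:
            new = self._refresh_fn(rec.refresh_token)
        except Exception as exc:
            # Refresh token revoked or disabled: discard the dead record.
            del self._records[user_id]
            raise ReauthorizationRequired(user_id) from exc
        # Providers may rotate the refresh token; keep the old one only if none is returned.
        self.save(user_id, new["access_token"],
                  new.get("refresh_token", rec.refresh_token), new["expires_in"])
        return new["access_token"]
```

Call `get_access_token()` before each API request instead of caching the access token elsewhere, so expiry and revocation are handled in one place.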