I am working on a product using two-legged authentication with the Android SDK. When a new user logs into my app I create a shadow customer via a POST request like:
curl --location --request POST 'https://api.particle.io/v1/products/<product-id>/customers/' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>' \
--data-urlencode 'email=<customer-email>' \
--data-urlencode 'no_password=true'
The response I get looks like:
{
  "token_type": "bearer",
  "access_token": "<access-token>",
  "expires_in": 7776000,
  "refresh_token": "<refresh-token>",
  "scope": "customer=<customer-email>"
}
I am then saving <access-token> and <refresh-token> on my server and using those with the Android SDK as in:
ParticleCloudSDK.getCloud().setAccessToken(<access-token>, Calendar.getInstance().apply { add(Calendar.YEAR, 20) }.time, <refresh-token>)
This partially works. The access token for the first test account that I created (90 days ago) has now expired and I’m getting unauthorized access errors when I try to use the Android SDK to access that test customer’s devices. I noticed the Android SDK documentation says it will automatically renew an expired access token if a refresh token exists. I’m guessing that I would have to pass the actual expiration time to setAccessToken, which I can do since it’s returned from the create customer POST request. Then how would I know that the access token has been refreshed, and how would I access the new tokens from the Android SDK so that I can update my server with the new tokens?
Edit:
I see that I can refresh my customer’s token with:
curl --location --request POST 'https://api.particle.io/oauth/token' \
--user <client-id>:<client-secret> \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=<refresh-token>'
Do I have to manage this manually?
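
Added example, not part of the original post and not Particle's code: one way to handle the token pair on the server, storing an absolute expiry computed from `expires_in` and renewing through the refresh grant shown in the post, so the client secret stays on the server. The function names, the one-day renewal margin, and the shape of the refresh response (assumed to match the customer-creation response above) are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.particle.io/oauth/token"  # refresh endpoint from the post
REFRESH_MARGIN = 24 * 3600  # assumption: renew one day before expiry

def record_from_response(resp, now, old_refresh=None):
    """Convert a token response into a stored record with an absolute expiry."""
    return {
        "access_token": resp["access_token"],
        # Assumption: if the response carries no new refresh token, keep the old one.
        "refresh_token": resp.get("refresh_token", old_refresh),
        "expires_at": now + int(resp["expires_in"]),
    }

def needs_refresh(record, now, margin=REFRESH_MARGIN):
    """True once `now` is inside the renewal margin or past the expiry."""
    return now >= record["expires_at"] - margin

def build_refresh_request(client_id, client_secret, refresh_token):
    """Same request as the curl call: Basic auth plus a form-encoded body."""
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded"})

def http_send(request):
    """Default transport; tests and offline runs pass their own `send`."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

def current_token(record, client_id, client_secret, now=None, send=http_send):
    """Return a usable record, refreshing it first when it is about to expire."""
    now = time.time() if now is None else now
    if not needs_refresh(record, now):
        return record
    req = build_refresh_request(client_id, client_secret, record["refresh_token"])
    return record_from_response(send(req), now, record["refresh_token"])

if __name__ == "__main__":
    # Constructed sample values; the fake transport keeps this run offline.
    created = {"access_token": "a1", "refresh_token": "r1", "expires_in": 7776000}
    rec = record_from_response(created, now=0)
    fake = lambda req: {"access_token": "a2", "expires_in": 7776000}
    print(current_token(rec, "cid", "sec", now=7776000, send=fake))
```

The caller persists the returned record and hands the device the access token together with the real `expires_at`, not a date 20 years out.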