Sorry about any confusion, Zach is right. Essentially the mobile apps and your own apps hitting the api can request an access token by sending a POST to “/oauth/token” that looks something like:
That request causes the previous token to be invalidated, and a new one granted. Logging into the build site doesn’t cause the token to be invalidated because it’s special, and we recognized that would be really inconvenient. Down the road - the mobile apps, the build site, and your own custom apps will all get different client specific access tokens, so this won’t be an issue. For my code I “log in” using this POST method to make sure I always have a current token. Hope that helps.