I was just looking through your implementation and trying to understand how you're using the refresh token provided by the API. Are you fetching a new access token each time the user invokes your application? or are you storing the access token somewhere until expiry (in which case, why is the refresh token required) ?
I'd really appreciate if you could answer these questions as I'm new to OAUTH and having a hard time in deciding between creating new accestokens each time using credentials or with refreshtokens.
Thanks a lot!