I'm looking for advice on how to manage the expired/refresh token flow. In other words, assuming I have all the proper data stored (e.g., oauth_session_handle), what is the proper (i.e., most efficient) method for learning if the token is expired, then refreshing if needed? So far I see a few options, none of which feel perfect:
Method #1: Keep track ourselves
This means store as (for example) 'time_expired', and calculate it based on time of access token storage + 3600 seconds (well, + oauth_expires_in). Then, if current time exceeds this then it's expired, therefore refresh token before doing anything else. Possible errors, sure, so may fallback to the method #2 described below.
Method #2: Double query, scan response for token_expire error code on failure
This essentially means run queries twice, sometimes. If it failed but emitted the token_expire error then refresh and try again.
Method #3: ???
I'm new to OAuth so could be overlooking something simple but the OAuth API I use (PHP PECL/OAuth) does not appear to offer an obvious solution, so maybe people here have advice and/or ideas. Also if you have ideas for how said API could be improved for this (or any) task, I'm sure that'd be appreciated too.
I would suggest going with method 1 with one minor change: You should probably request a new access token a few minutes before it expires to allow for time difference between your server and Yahoo! OAuth server.