We have an OAuth App and are creating access_tokens with the expectation that our system would periodically invoke the GitHub API without an active user. (The user authorizes our app and walks away)
Usually with OAuth Code Flow, I would expect to see a refresh_token returned from the token endpoint when I supply the code and get an access_token. The refresh_token could be used later to get access_tokens later without any user interaction. I’ve also seen other solutions implement something like an ‘offline_access’ scope which lets the system know I need a refresh_token or to extend the access_token expiry. GitHub has not mentioned in their documenation and doesn’t seem to provide a refresh_token, and the access_token seems to expire after about a day. If I needed to call the API daily, I would have to keep re-engaging with the user daily to authorize and this is not desirable.
What is the best practice for managing ‘offline access’ in GitHub?
Is there a way to get a refresh_token?
Is there a way to extend the expiry of the access_tokens I do get?