Refresh tokens. Do we need them?

How do we get refresh tokens for Create Sign up/Login API workflows. This is useful for building an alternative front-end to the Bubble app, such as a native app that you developed. When an API workflow contains a sign up or login action, then a user ID, token, and expiration, expressed in seconds, are returned with the response of the call. Subsequent calls to the app’s API, with a header Authorization: Bearer API_TOKEN , runs all calls and workflows in the context of the user associated with the token. This user will be the ‘Current user,’ who you can access with actions. Privacy rules will apply to this user as they would if the user was logging in the Bubble app and using it in their own browser. This token should be kept safe.

Do we need to refresh tokens? if so-how?

Access tokens only represent the user for a fixed period of time in most cases. you need the refresh to “remind” the backend who’s on the frontend in a safe manner. this helps prevent unauthorized access from folks leaving their shit signed in.

you don’t need them with bubble but for any oAuth 2 client you will likely want them for security purposes. storing these can allow you to act on behalf of the individual also. Such as when you want to write to someone’s calendar or pull their events from their calendar in a booking app.

I’m talking about tokens directly related and assigned to a user when they sign up for our app as specified in the API section of the bubble documentation. If I want a user to interact with my workflows or data, and have their own token for access. When I’m debugging my own, it keep showing incorrect or expired token.