We are embarking on a new app which will be the first since the new requirement for using Refresh Tokens. I'm confused by how the new workflow works, and am hopeful someone can help.
What is the process for getting the initial Access Token? Has that changed?
Then, what is the process for getting a Refresh Token? Is the Refresh Token different from the Access Token? Or is it just the Access Token 'refreshed' with a new expiration time?
Also, we had been storing Access Tokens in a database so as to not expire the tokens for our users and require reauthentication. Should we now store the Refresh Token going fowrad, and use that to generate hour-long Access Tokens as needed? Or is there another, better way to store 'something' and avoid our users needing to reauthenticate every time?