Context
I added a “Connect with Patreon” button to my php website (not wordpress).
The OAuth flow works, users can allow the connection and I get the tokens and can retrieve all necessary userdata.
I have mutliple questions regarding staying up to date. I see three technical approaches:
- save the refresh_token of the connecting user and use it to get a new access_token once I need to know if the user is still my supporter. I guess a cron job can refresh the refresh_tokens that were not used for a month so that they stay valid if the user is not active.
- register a webhook to get updates from patreon instead of asking the patreon API on demand. On each event I update my “local patreon cache”.
- Do the requests on demand like in point 1 but with creator permissions.
3a. Use creator tokens. Keeping the tokens valid in a cron job as in (1).
3b. Use a service account with a secret that does not expire.
Question 1
Any better/other approaches I don’t see yet?
Question 2
Anything against my assuption that I can use a cron job to refresh old refresh_tokens once a month? (point 1 and 3a)
Question 3
Regarding webhooks: is there a way to tell the patreon servers (programmatically!) to send accumulated events if my server was down and is now back online?
Without such an automatic trigger it is always possible that my system is online with old data and I need to implement path 1 or 3 anyway to get the state on demand if needed.
Question 4
Can I use the clientid and clientsecret as authentication method? Which grant_type would I set and how would I deliver the parameters? (path 3b)
Thanks a lot