So I am confused on Creator Tokens, and them refreshing.
If I log into an OAuth app as me (a creator), it refreshes my creator token which breaks my app I am working on.
Ive seen the posts about Creator Tokens no longer refreshing , and many about them refreshing. What on earth is the current proper use here?
Some posts say do not log into OAuth as the same creator as your app/client, and instead create another account to get a set of creator tokens.
Is the only current way to manage this really to create a dummy Patreon account, then go through the steps of making the dummy account ALSO a creator so I can get a set of creator tokens that wont expire to use with my app?
This seems like it really should work differently. Im hoping I am just not finding the right, most up to date info, and its really not this weird.
Thanks for any insight here, so confusing lol
If you log in with Patreon OAuth, it issues a new access token and new refresh token, every time you login with Patreon OAuth. That token can be used by your application to access the API to get what you need from there (email, username, etc.). Ideally, you’re storing these tokens in your app’s database somewhere and you update them after login and grab them from the database when you need to reach out to the API. My own website has the redirect URI set to a page that triggers my site to reach out to the API to grab what it needs, storing everything at that point. Later there are scripts that run that grab the user access tokens and use them to update patron details in the background. But all I really need is the current entitled amount and the patron status so I don’t save anything else.
It depends what you’re actually trying to do with the OAuth and API, though, as that’ll change the “best” course of action.
Sorry but you misunderstand. I’m familiar with how the tokens work and how to use them.
The issue is that if I login to an app, it refreshes my creator tokens, breaking my ability to make use of a refresh token essentially.
It seems like the only way to avoid this is to create an entirely new account, and go through the steps to make it a creator just to have a set of creator tokens that cant be invalidated by ME logging into OAuth somewhere.
Is this your app, or someone else’s app?