2020-03-26 UTC
# 
vika_nezrimaya We have access tokens, but we don't usually make them expire. How would IndieAuth be extended if tokens were allowed to expire? I assume we would need some sort of a refresh token that could be used to expand an access token's lifespan. Pinging @aaronpk because he knows a lot about OAuth :3