...

  1. Upgrade our Django OAuth library to django-oauth-toolkit.
  2. Update client-side code as follows:
    1. Send the API request with the access token
    2. If the access token is invalid, try to update it using the refresh token
    3. If the refresh request passes, update the access token and re-send the initial API request
    4. If the refresh request fails, ask the user to re-authenticate
  3. Update the Client IDs for the new apps (see Client Rollout Plan).
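
The client-side steps under item 2, as an added sketch (not code from this plan or from any of our clients). It assumes an HTTP 401 marks an invalid access token, a public client that sends its `client_id` with the refresh grant, and a hypothetical injected `send(method, url, headers, data)` transport that returns `(status_code, json_body)`.

```python
class ReauthenticationRequired(Exception):
    """The refresh request failed; the user must log in again (step 4)."""


class TokenClient:
    """Access-token client that refreshes and retries exactly once.

    `send` is a hypothetical transport (assumption): it performs the HTTP
    call and returns (status_code, json_body).
    """

    def __init__(self, send, token_url, client_id, access_token, refresh_token):
        self.send = send
        self.token_url = token_url
        self.client_id = client_id
        self.access_token = access_token
        self.refresh_token = refresh_token

    def _call_api(self, method, url, data):
        if self.access_token is None:
            raise ReauthenticationRequired("no usable access token")
        headers = {"Authorization": "Bearer " + self.access_token}
        return self.send(method, url, headers, data)

    def _refresh(self):
        # OAuth 2.0 refresh grant (RFC 6749, section 6).
        status, body = self.send("POST", self.token_url, {}, {
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,
        })
        if status != 200 or "access_token" not in body:
            # Discard both tokens so rejected credentials are never replayed.
            self.access_token = self.refresh_token = None
            raise ReauthenticationRequired("refresh token rejected")
        self.access_token = body["access_token"]
        # The server may rotate the refresh token; always keep the newest.
        self.refresh_token = body.get("refresh_token", self.refresh_token)

    def request(self, method, url, data=None):
        status, body = self._call_api(method, url, data)  # step 1
        if status != 401:                                 # assumed "invalid token" signal
            return status, body
        self._refresh()                                   # step 2 (raises for step 4)
        return self._call_api(method, url, data)          # step 3: one retry, no loop
```

The single retry is deliberate: if the freshly issued token is also rejected, the 401 is returned to the caller instead of looping against the token endpoint.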

Expiration Values

  1. Set the default expiration for Access Tokens to 1 day (the accepted amount of time for a user to continue to use an unexpired token even after revocation).
  2. Set the expiration time for Refresh Tokens to 2 weeks (analogous to our session cookies).

...