I have been considering to use square payments api for an App I am developing. After going through the API help (https://docs.connect.squareup.com/basics/oauth/overview) particularly on the OAuth Overview, i find something intriguing.
Square OAuth access tokens expire after 30 days with a grace period of 15 days. Applications must manually renew expired access tokens within the 15 day grace period.
This is of course expected as tokens do expire. But to renew the token, I was shocked to know that USER HAS TO LOGIN AGAIN TO AUTHORIZE THE APP.
This is something that doesn't make sense. How can I expect the user to login every 30 days? I mean, this will beat the purpose of having an App to automate process for the user.
I've looked at the token renew sample code and the code needs an authorization code (which is obtained from user login).
$oauthRequestBody = array(
'client_id' => $applicationId,
'client_secret' => $applicationSecret,
'code' => $authorizationCode,
# The OAuth token you want to renew.
'access_token' => $oauthToken,
);
Can someone confirm if my understanding here is correct? If this be the case.. Square API is rendered useless to me.
Your understanding is not the case (luckily!). The docs are a bit off and will be updated shortly ( thanks for reporting!).
You only need to specify the access token you are renewing. See here for correct info https://docs.connect.squareup.com/api/oauth#post-renew