>Yes. Refresh tokens, unlike access tokens, are long-lived. >However, either may stop working at any time, for any unspecified >reasons.
Thanks for the info! One thing that jogs my memory; you said before you had created a nmh project to register the client key and secret for nmh, and that we should resolve the ownership of that. I think we should get other developers involved on that project, just in case something happens to you. Also, I do have a question about that ... obviously our client "secret" isn't really secret, since it's embedded in our source code which is available for download. Is that to identify apps so users have more fine-grained permission control? Do other open-source applications just embed the secret in their source code? I guess that means other applications could take our secret and pretend to be nmh; I'm not sure that's a problem, but I just wanted to understand it. --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
