05-15-2015 10:39
Hi,
Once my app is authorized by a user to access fitbit metrics, I would like to persist the authed tokens for future usage without having to re-grant authorization. My understanding of oauth2 indicates I should be able to use the refreshToken across user sessions to re-auth with FB.
However, it appears that the refresh token expires at some point. What is the best way to handle persisting user oauth2 tokens for future usage without having to regrant privileges, assuming the scope remains the same across sessions?
Here is the flow I am trying to implement. Is this possible?
- User logs in to my app
- App is granted fitbit access using oauth2
- App uses accessToken, refreshToken to access the api.
- Authed tokens are persisted in a database.
- User logs off
- User logs in to App
- App retrieves refreshToken for user and requests a new accessToken
- App calls FB api
-...
Thanks!
05-15-2015 11:00 - edited 05-15-2015 11:18
Refresh tokens only expire when they are used or if the user goes through the authorization flow again and gets a new token.
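
The flow from the question combined with the rule in the reply, as an added example that is not part of the original thread and is not Fitbit's code: because a refresh token is retired when it is used, the app must overwrite the stored token with the new one returned by every refresh. `FakeAuthServer`, `TokenStore` and `new_session` are hypothetical names, and the fake server is a constructed stand-in for the real token endpoint that assumes single-use refresh tokens as the reply describes.

```python
import secrets
import sqlite3


class FakeAuthServer:
    """Constructed stand-in for the token endpoint: each refresh token works once."""
    def __init__(self):
        self.valid = {}  # refresh_token -> user_id

    def issue(self, user_id):
        pair = {"access_token": secrets.token_hex(8),
                "refresh_token": secrets.token_hex(8)}
        self.valid[pair["refresh_token"]] = user_id
        return pair

    def refresh(self, refresh_token):
        user_id = self.valid.pop(refresh_token, None)  # using a token retires it
        if user_id is None:
            raise PermissionError("invalid_grant")
        return self.issue(user_id)


class TokenStore:
    """Keeps the newest token pair per user (SQLite here; any database works)."""
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS tokens "
                        "(user_id TEXT PRIMARY KEY, access TEXT, refresh TEXT)")

    def save(self, user_id, pair):
        with self.db:  # commit atomically so a rotated token is never lost
            self.db.execute("INSERT OR REPLACE INTO tokens VALUES (?, ?, ?)",
                            (user_id, pair["access_token"], pair["refresh_token"]))

    def refresh_token(self, user_id):
        row = self.db.execute("SELECT refresh FROM tokens WHERE user_id = ?",
                              (user_id,)).fetchone()
        return row[0] if row else None


def new_session(store, server, user_id):
    """On login: trade the stored refresh token for a new pair and persist it."""
    old = store.refresh_token(user_id)
    if old is None:
        raise LookupError("no stored token; user must authorize")
    pair = server.refresh(old)
    store.save(user_id, pair)  # overwrite: the old refresh token is now dead
    return pair["access_token"]
```

In a real deployment the refresh token column should be encrypted at rest, since it grants long-lived access to the user's data.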