> Then the refreshes are 144 times more frequent than is expected.
> you have shipped a lot of devices that behave like this, the service
> may well decide to block the client key for misbehaviour.
I never saw anything like this. Using refresh tokens is not mandatory;
of course it's possible that some server decides otherwise, but I'd
worry about that only when you point me at some real cases. :-)
You never saw what specifically, long-lasting access tokens, frequent short-lived
application processes, a combination of the two, or blocking of client keys, or something
I don't understand the point about optional usage of refresh tokens either. What does
it mean, and why is it relevant?