I second this point. You are making it nearly impossible to implement this in any CMS. I've added a hook to sign people up in my CMS and I have to physically open my browser and refresh the token using your redirect URL all the time because this token keeps being invalidated and I am doing it the proper way by using the refresh token, NOT the access token. How in any world is this practical.  ... View more