Another downside to option 3 is that it immediately invalidates the access token so if the program is interrupted after the call to refresh the access token, but before persisting the updated access and refresh tokens the program won't be able to recover on it's own without manually going through the first step. I really wish there was an option for basic-auth for server-side integration. Even options 2 and 3, while workable, turn into a lot of work maintaining timers and coordinating state between concurrent workers.
... View more
