Kittybox uses very short-lived access tokens (7 days) and long-lived refresh tokens. The intended behavior is for an app to refresh its token once it expires, to prevent an accidentally leaked token from allowing long-term access to my website. Quill doesn't seem to do so, resulting in errors and need to re-authenticate manually every seven days.
While I could special-case Quill's client ID, I feel like showing preferential behavior for clients using outdated standards might do more harm than good to the ecosystem, therefore I am filing this as an issue for Quill instead.
Kittybox uses very short-lived access tokens (7 days) and long-lived refresh tokens. The intended behavior is for an app to refresh its token once it expires, to prevent an accidentally leaked token from allowing long-term access to my website. Quill doesn't seem to do so, resulting in errors and need to re-authenticate manually every seven days.
While I could special-case Quill's client ID, I feel like showing preferential behavior for clients using outdated standards might do more harm than good to the ecosystem, therefore I am filing this as an issue for Quill instead.