I am linking a Drupal site to an Android application. With the help of the Simple OAuth module, users will log in to my android app using their Drupal site credentials.
I understand that once the client application has the access token, it can be included in the headers of any GET request to fetch JSON content from Drupal. I also know that https://example.com//simple-oauth/refresh will give a new access token, having the refresh token.
What should I do if both access and the refresh tokens are already expired? How do I get them from scratch? What is the URL to ask for the token, and how do I include the credentials with that via HTTP headers or in the URL?
Is there something I’m not aware of about this way of authenticating?