goinverse-oss/app

Handle Patreon token expiration via refresh

brettdh opened this issue · 0 comments

Motivation

The Patreon token that we retrieve from Patreon's OAuth2 API expires - supposedly after a month, but seemingly more quickly in practice. We can handle this without the user noticing - by refreshing the token after we notice that it has expired.

Update

It seems this also occurs if you complete the OAuth login flow on a second device. I haven't confirmed this with Patreon Developer Support yet, but this sure seems to imply that a Patron can only have one valid token at a time. Not sure if the refresh token is also invalidated in this way; figuring that out will determine how transparently we can handle this.

(It's probably pretty unusual for someone to use more than one device with the app - but the second we think about making a web version or tablet version, that goes out the window.)

Update update

I have an initial implementation of refresh in test, but it appears that the second device's authentication invalidates the first device's refresh token as well. Currently waiting to hear back from Patreon platform support to confirm this.

Plan of action

The Patreon API returns 401 if the token has expired, and the backend's /contentful endpoint detects this and returns 401 to the app. When the app sees this, it should use the backend's /patreon/validate endpoint, along with the refresh_token that came along with the access_token, to obtain and store a new access token and refresh token. See the Patreon API documentation for details.
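
The app-side flow from the plan above, as an added example that is not part of the issue or the app's code. The request body and response shape of /patreon/validate, the `store` object and all function names are assumptions; the fake backend is constructed so the example runs offline.

```javascript
// Added example, not the app's code. /contentful and /patreon/validate are the
// endpoints named in the issue; the JSON shapes and the store are assumptions.
class ReauthRequired extends Error {}

function createClient({ fetchFn, store }) {
  let inFlight = null; // single-flight: concurrent 401s share one refresh

  async function refresh() {
    const res = await fetchFn('/patreon/validate', {
      method: 'POST',
      body: JSON.stringify({ refresh_token: store.tokens.refresh_token }),
    });
    if (!res.ok) {
      store.tokens = null; // refresh token rejected: user must log in again
      throw new ReauthRequired('refresh token rejected');
    }
    store.tokens = await res.json(); // persist BOTH the new access and refresh token
  }

  async function get(path, retried = false) {
    if (!store.tokens) throw new ReauthRequired('not logged in');
    const res = await fetchFn(path, {
      headers: { Authorization: `Bearer ${store.tokens.access_token}` },
    });
    if (res.status !== 401 || retried) return res; // retry at most once
    if (!inFlight) inFlight = refresh().finally(() => { inFlight = null; });
    await inFlight;
    return get(path, true);
  }
  return { get };
}

// Constructed fake backend so the example runs offline.
function fakeBackend(valid) {
  const calls = { refresh: 0 };
  const reply = (status, body) => ({ status, ok: status < 400, json: async () => body });
  const fetchFn = async (path, opts = {}) => {
    if (path === '/patreon/validate') {
      calls.refresh += 1;
      if (JSON.parse(opts.body).refresh_token !== valid.refresh_token) return reply(401, {});
      valid.access_token = 'access-2'; // rotate both tokens on refresh
      valid.refresh_token = 'refresh-2';
      return reply(200, { ...valid });
    }
    const ok = opts.headers.Authorization === `Bearer ${valid.access_token}`;
    return reply(ok ? 200 : 401, ok ? { items: [] } : {});
  };
  return { fetchFn, calls };
}
```

A rejected refresh surfaces as `ReauthRequired`, so the app can send the user back through the OAuth login flow instead of retrying indefinitely.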