Given "User using credentials of type OAuth 2.0", when "the access token is expired", then "get new token automatically"

[muhammad-levi]

(I don't know if this is the correct place to put this concerns of mine, and if the proposed solution is good enough or not)

If I use credentials of type OAuth 2.0 in the Credentials page of https://openfn.org, then I will get accessToken as part of the state.configuration. But, if the accessToken expires, then I would no longer be able to use it for accessing protected resources. (unless I delete the expired Credentials and add new Credentials with the same information, redo all the previous steps for getting the token)

I think it might be best in OpenFn.org use the client_credentials grant type in the Credentials of type OAuth 2.0, then also add mechanism if the time has passed for the same seconds as expiresIn since the token issuance OR if when make HTTP request to API path and the response is telling that the access token is expired, then automatically get new access token by using the same information for getting the access token with client_credentials grant. (maybe put maximum retries of 3 for the getting new token phase, if cannot get new token then abort)

What do you think? Am I understanding them correctly? Is that a good way to approach the issue?

Might be useful references:
https://developers.google.com/identity/protocols/oauth2
https://stackoverflow.com/a/43349958
https://cloud.google.com/apigee/docs/api-platform/security/oauth/oauth-20-client-credentials-grant-type