I'm currently using OAuth 2.0 to access the Google API. From my understanding, I should use the returned refresh token to renew the access token. Should this be refreshed before it expires or should it be when the user requests data from the api using an access token that has expired?

If it should be done before it expires, should I just be running a cron job to update out of date tokens?

I'm using node.js and mongodb, if that has any bearing on the recommended solution.

Thanks a lot!

It should be seamless.

When the user requests data from the API using an access token that has expired, this should trigger your framework to fail, renew, then retry.

No need for any cron jobs or stuff like that in the apps i've created.