Offline Access to Google and other OAuth based API – PHP OAuth API – Part 1


Some applications require access to APIs on behalf of the user even when the user is not present, i.e. offline access.

OAuth is a protocol that allows applications to obtain a token to access an API when the user is not present. When the tokens expire, they need to be renewed.

Some APIs like Google and Box.net support automatic renewal of expired tokens.

Using OAuth Tokens to Access APIs Without the User Presence

OAuth is a protocol that was designed to grant external applications permission to call Web site API functions on behalf of a user.

It can be used, for instance, to get details of the user account such as the name or email address, to manipulate personal user information such as uploading user pictures, or to execute tasks as if the user were executing them, such as sending scheduled posts to Facebook or Twitter.

The way the OAuth protocol works, the user must be present online to grant permission to an external application so it can access the API on his behalf later.

Tokens are secret values generated by the API server that grants the access permissions. These tokens must be used by the external applications to perform API calls, so the server knows on behalf of which user the API is being called.

From then on the applications can perform API calls at will. The user is no longer required to be present while the tokens are valid. When the user is not present, this is called API offline access.

Offline access may be important for some applications that need to automate tasks that will be executed when the user is not present. That is for instance the case of applications that send posts to Twitter or Facebook at a given scheduled time.

Setting up the Tokens for Offline Access

As explained in a previous article, the usual way to process the OAuth protocol interactions using this class is to first call the Initialize function to set up the class object.

Then call the Process function to make the class handle the interactions between your application and the OAuth server to obtain the token values.

The access_token variable contains the main token value. For OAuth 1 servers, a secondary value is stored in the access_token_secret variable.

When you are done with the class, you need to call the Finalize function to clean up any resources the class used during the process.

The calls to the server API must be done using the CallAPI function. It must be called only between the Initialize and Finalize calls.

The CallAPI function must be called only when the token values are obtained successfully. If the token values are being retrieved for the first time using the Process function, obviously the CallAPI function may only be called after a successful call to the Process function.

From then on, your application may perform as many calls to the API as necessary, but you no longer need to call the Process function before calling CallAPI.

You just need to set the tokens first before any call to CallAPI. You can do this using two methods. The first method is to set the access_token and access_token_secret variables directly.

Retrieving Access Tokens from a Database

An alternative method to retrieve OAuth tokens consists of creating a sub-class and implementing the GetAccessToken and StoreAccessToken functions to retrieve the token values from a database.

This is a more complicated method but it is recommended for offline access to the API because by default the OAuth client base class stores the retrieved tokens in session variables.

Session variables can only be used when the user is accessing a PHP based Web page. So if your application needs to get the previously retrieved tokens to make an offline access to the API, the default implementation of the GetAccessToken and StoreAccessToken functions is not appropriate.

This package provides a special sub-class named database_oauth_client_class to store and retrieve tokens automatically in a database. This sub-class alters the way tokens are stored and retrieved so a database is used instead of sessions.
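Because tokens are secret values and offline access keeps them in a database, a stored token should not be readable by anyone who can read the table. The following added example (not code from this package or its author) is a stand-alone store that plays the role of GetAccessToken and StoreAccessToken and encrypts each token with libsodium before writing it. The class, table and column names and the sample token are assumptions, and it needs the sodium and pdo_sqlite extensions.

```php
<?php
// Added example, not the package's database_oauth_client_class. Class, table and
// column names are hypothetical; in production the key comes from a secret store.
final class EncryptedTokenStore
{
    private PDO $db;
    private string $key;

    public function __construct(PDO $db, string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('key must be 32 bytes');
        }
        $this->db = $db;
        $this->key = $key;
        $db->exec('CREATE TABLE IF NOT EXISTS oauth_token (user_id INTEGER,
            server TEXT, sealed TEXT, PRIMARY KEY (user_id, server))');
    }

    // Same role as StoreAccessToken: encrypt the token array before it is written.
    public function storeAccessToken(int $userId, string $server, array $token): void
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = sodium_crypto_secretbox(json_encode($token, JSON_THROW_ON_ERROR), $nonce, $this->key);
        $this->db->prepare('REPLACE INTO oauth_token (user_id, server, sealed) VALUES (?, ?, ?)')
            ->execute([$userId, $server, base64_encode($nonce . $box)]);
    }

    // Same role as GetAccessToken: null if no row exists or the row fails authentication.
    public function getAccessToken(int $userId, string $server): ?array
    {
        $st = $this->db->prepare('SELECT sealed FROM oauth_token WHERE user_id = ? AND server = ?');
        $st->execute([$userId, $server]);
        $raw = $st->fetchColumn();
        $bin = is_string($raw) ? base64_decode($raw, true) : false;
        if ($bin === false || strlen($bin) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
            return null;
        }
        $nonce = substr($bin, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open(substr($bin, strlen($nonce)), $nonce, $this->key);
        return $plain === false ? null : json_decode($plain, true, 8, JSON_THROW_ON_ERROR);
    }
}

// Constructed demo: in-memory SQLite and a throwaway key stand in for real infrastructure.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$store = new EncryptedTokenStore($db, sodium_crypto_secretbox_keygen());
$store->storeAccessToken(42, 'Google', ['value' => 'sample-access-token', 'secret' => '']);
var_dump($store->getAccessToken(42, 'Google'));
```

The key has to live outside the database that holds the tokens, otherwise a dump of that database exposes both.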

Source From: http://www.phpclasses.org

One thought on “Offline Access to Google and other OAuth based API – PHP OAuth API – Part 1”

  • One more thing to be added: “The offline access token can be refreshed by making a call for obtaining actual access token which has expired after 3 hours while transaction paused either by switching current process or any deadlock.”
