Support for auth flow for apps (get temporary_authorization_code, access_token, refresh_token)

[picsoung]

Description

Handling the refresh token mechanism could be cumbersome. Let's simplify it for developers.

Context

Developers are free to decide when access tokens issued for their apps will expire. The default is 7 days.
On the OAuth payload, we send back an expires_in property to tell when the token expires. This is a timestamp.
We also send back a refresh_token that needs to be used to request a new token.

Possible Solution

two functions, one to check if there is a need to renew token, and one to renew it.

client.needToRefreshToken(expires_in)
client.refreshToken(refresh_token)

##Questions
Should we rewrite the Client object to store also the client id and client secret details about an app?
What should be the interface for those functions?

[mathio]

The library currently does not support the authorization flow for applications at all. You are right, it would be nice to add support for all API requests related to obtaining tokens on behalf of users that grant access to their Typeform account.

I do not think we should store client ID or secret in the client itself. However we could pass those values into methods that retrieve tokens on behalf of the user that granted access to the app.

[mathio]

@Typeform/reach should this be part of this lib, or maybe it belongs to a separate one?