Token from storage should expire but hasExpired always returns false

[edsonhoraciojunior]

I'm using OAuth 2 with Forge Autodesk, they usually return tokens with expires_in: 3599.
If I get a token from storage and run

$token = new AccessToken($token);
if ($token->hasExpired()) {
    $this->refreshToken($token);
}

$accessToken->hasExpired() always return false, because on the construct the expiration date is calculated with timeNow + expires_in.
With this logic, the token will never expire, which is incorrect.

1. Is this logic incorrect?
2. Am I using OAuth wrong? Am I expected to always refresh the token before using it for the second time, even if it didn't expire?

[edsonhoraciojunior]

Me and my buddies were checking this situation and we found out that instead of saving the token->getValues() (which has expires_in) to the DB, we should save the result of jsonSerialize(), which calculates the expires with the correct timestamp in seconds.
I think we can improve the documentation by adding this info, making it explicit, what do you think?