Sure, a refresh token as well depending on the AS implementation.
On Thu, Jun 17, 2010 at 11:17 AM, Marius Scurtescu <mscurte...@google.com> wrote: > On Thu, Jun 17, 2010 at 11:09 AM, Eran Hammer-Lahav <e...@hueniverse.com> > wrote: >> We added an optional authorization code which can only be used after >> exchanging it for an access token with required client authentication >> (client secret). > > Just to make sure I understand the new flow, the authorization code is > supposed to be exchanged for an access *and* a refresh token, right? I > don't see the point of swapping it only for an access token. > > Marius > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
