Re: [OAUTH-WG] Lifetime of refresh token

2015-08-24 Thread Bill Mills
You could have a refresh token that never expires.  Having to use the refresh token to get a new access token gives you a single control point to allow checking whether that refresh token should still be valid.  Means the RS doesn't have to do that stuff. On Monday, August 24, 2015 8:09

Re: [OAUTH-WG] Lifetime of refresh token

2015-08-24 Thread Jim Manico
There is a good debate and discussion on refresh tokens on StackOverflow. http://stackoverflow.com/questions/3487991/why-does-oauth-v2-have-both-access-and-refresh-tokens Is this a good place to send developers to answer refresh token questions, and if not, can the illustrious smart people on t

Re: [OAUTH-WG] Lifetime of refresh token

2015-08-24 Thread John Bradley
I think Nat’s diagram about the problems of doing pseudo authentication with OAuth is being taken out of context. The refresh token doesn’t expire; it is revoked by the user or system. In some cases refresh tokens are automatically revoked if the user's session to the AS ends. I think AOL typi

Re: [OAUTH-WG] Lifetime of refresh token

2015-08-24 Thread Justin Richer
The lifetime of a refresh token is up to the AS — they can expire, be revoked, etc. The difference between a refresh token and an access token is the audience: the refresh token only goes back to the AS, the access token goes to the RS. Also, just getting an access token doesn’t mean the user’

Re: [OAUTH-WG] Is it allowed to add a custom attribute to the access token response?

2015-08-24 Thread Donghwan Kim
Hi, > Requests to the token endpoint are URL form encoded not JSON in your example. My bad. According to http://tools.ietf.org/html/rfc6749#section-4.3, application/x-www-form-urlencoded, not application/json, is the correct content type for a token endpoint request. Right? Thanks, -- Donghwan On S
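The refresh_token grant this thread is discussing, as an added worked example (not code from the OAUTH-WG thread or from any of its posters): a minimal authorization server whose token endpoint accepts only an application/x-www-form-urlencoded body (RFC 6749 sections 4.3 and 6, the point settled just above), treats the refresh token as the single control point Bill Mills describes (revocation is checked when the token is refreshed, and the RS only checks the access token's lifetime), and issues short-lived access tokens as Justin Richer's audience distinction implies. The AuthorizationServer class, its in-memory token stores, the 600-second access-token lifetime, the client_id comparison and the refresh-token rotation are assumptions of the example; a confidential client would additionally have to authenticate to the token endpoint, which is not modelled here.

```python
"""Minimal OAuth 2.0 token endpoint for the refresh_token grant (RFC 6749 section 6).

Added illustration, not code from the OAUTH-WG thread. The AuthorizationServer
class, its in-memory stores, the client_id check, refresh-token rotation and the
600-second access-token lifetime are assumptions chosen for the example.
"""
import secrets
import time
from urllib.parse import parse_qs

ACCESS_TOKEN_TTL = 600  # seconds; short, because the RS never sees the refresh token

FORM = "application/x-www-form-urlencoded"


class AuthorizationServer:
    def __init__(self, now=time.time):
        self.now = now            # injectable clock so lifetime checks can be tested
        self.refresh_tokens = {}  # refresh_token -> {"client_id", "scope", "revoked"}
        self.access_tokens = {}   # access_token  -> {"scope", "expires_at"}

    def issue_refresh_token(self, client_id, scope):
        """Called after a successful authorization grant. The refresh token has no
        expiry of its own in this example; it only stops working once revoked."""
        rt = secrets.token_urlsafe(32)
        self.refresh_tokens[rt] = {"client_id": client_id, "scope": scope, "revoked": False}
        return rt

    def revoke_refresh_token(self, rt):
        """Single control point: user logout, admin action or AS session end lands here."""
        if rt in self.refresh_tokens:
            self.refresh_tokens[rt]["revoked"] = True

    def token_endpoint(self, content_type, body):
        """Handle a POST to the token endpoint; returns (http_status, json_body)."""
        # Sections 4.3 and 6: the request body is form-encoded, not JSON.
        if content_type.split(";")[0].strip().lower() != FORM:
            return 400, {"error": "invalid_request",
                         "error_description": "body must be " + FORM}
        params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
        if params.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}

        record = self.refresh_tokens.get(params.get("refresh_token", ""))
        # Unknown, revoked, or presented by a different client: one error for all
        # cases, so the response does not tell an attacker which one they hit.
        if record is None or record["revoked"] or params.get("client_id") != record["client_id"]:
            return 400, {"error": "invalid_grant"}

        # Section 6: the requested scope may not exceed what was originally granted.
        granted = set(record["scope"].split())
        requested = set(params.get("scope", record["scope"]).split())
        if not requested <= granted:
            return 400, {"error": "invalid_scope"}

        # Rotation (assumed hardening): section 6 lets the AS return a new refresh
        # token; retiring the old one turns a replayed stolen token into a failure.
        record["revoked"] = True
        new_rt = self.issue_refresh_token(record["client_id"], record["scope"])

        scope = " ".join(sorted(requested))
        at = secrets.token_urlsafe(32)
        self.access_tokens[at] = {"scope": scope, "expires_at": self.now() + ACCESS_TOKEN_TTL}
        return 200, {"access_token": at, "token_type": "Bearer",
                     "expires_in": ACCESS_TOKEN_TTL, "refresh_token": new_rt, "scope": scope}

    def access_token_is_valid(self, at):
        """What the RS (or an introspection endpoint) checks: lifetime only. No
        per-user revocation lookup happens here; that was done at refresh time."""
        rec = self.access_tokens.get(at)
        return rec is not None and rec["expires_at"] > self.now()


if __name__ == "__main__":
    srv = AuthorizationServer()
    rt = srv.issue_refresh_token("app-123", "read write")   # constructed sample client
    print(srv.token_endpoint(
        FORM, "grant_type=refresh_token&refresh_token=" + rt + "&client_id=app-123&scope=read"))
```

Because every refresh passes through token_endpoint, revoking the refresh token is enough to cut a user off within one access-token lifetime, without the RS having to consult the AS on every request.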

[OAUTH-WG] Lifetime of refresh token

2015-08-24 Thread Donghwan Kim
Hi, According to Figure 2 from http://tools.ietf.org/html/rfc6749#section-1.5, a refresh token can be used to refresh an expired access token without requiring the resource owner to sign in again (an uncomfortable experience). However, if that's true, isn't it the case that a refresh token might be used to request a n

Re: [OAUTH-WG] Is it allowed to add a custom attribute to the access token response?

2015-08-24 Thread Donghwan Kim
Hi folks, First off, I appreciate your answers. What I am trying to do with OAuth is to design a set of APIs which allow writing applications without a server in a standards-compliant way, and I chose OAuth for the social web. Because the current API I work on uses a kind of form-based authentication ( htt