On Aug 2, 2024, at 5:36 AM, Indeewari Wijesiri wrote:
> Hi Warren,
>
> Thank you for your attention.
>
> When public web clients use the authorization code grant for authentication,
> a successful response includes an access token and, optionally, a refresh
> token. If the access token is a
> --
> *From:* Indeewari Wijesiri
> *Sent:* Friday, August 2, 2024 7:36 AM
> *To:* Warren Parad
> *Cc:* oauth@ietf.org
> *Subject:* [OAUTH-WG] Re: Refresh Token Rotation
>
> Hi Warren,
>
> Thank you for your attention.
>
> When public
lue when you use it.
- Justin
From: Indeewari Wijesiri
Sent: Friday, August 2, 2024 7:36 AM
To: Warren Parad
Cc: oauth@ietf.org
Subject: [OAUTH-WG] Re: Refresh Token Rotation
Hi Warren,
Thank you for your attention.
When public web clients use the authorization co
Hi Warren,
Thank you for your attention.
When public web clients use the authorization code grant for
authentication, a successful response includes an access token and,
optionally, a refresh token. If the access token is a JWT rather than an
opaque token, the identity server will issue a new JWT
Indeewari,
I'm confused regarding what you are describing. Would you be able to give
additional context?
- Warren
On Fri, Aug 2, 2024 at 11:25 AM Indeewari Wijesiri
wrote:
> Hi all,
>
> Refresh token rotation, which involves issuing a new refresh token each
> time an access token is renewed, i