Hi,
I am from Workday, working on the OAuth feature. We currently support the PKCE-based
OAuth flow, but we currently do not support returning a refresh token, since
client authentication is not possible without client_secret to exchange RT for
AT for offline access. I do see a pattern of using device_sec
established trust) and adoptions
will not be an issue if enforced/required.
Thanks,
-Srinivas

From: Thumilan
Date: Tuesday, March 4, 2025 at 8:48 AM
To: Srinivas Challa
Cc: Aaron Parecki, oauth@ietf.org
Subject: Re: [OAUTH-WG] Re: Regarding issuing refresh tokens for PKCE based OAuth grant flow

public clients along with refresh token.
Thanks,
-Srinivas

From: Aaron Parecki
Date: Tuesday, March 4, 2025 at 8:04 AM
To: Srinivas Challa
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Regarding issuing refresh tokens for PKCE based OAuth grant flow

Hi Srinivas, There is no connection between PKCE