Mar 29th, 2012, 10:55 AM
Refresh Token Vs Client Credentials
In a scenario where the client is storing user credentials and has the ability to pass the client credentials to request an access token after expiration, is there any advantage of using the refresh token mechanism over using client credentials for subsequent access token requests?
If any references which explain this can be provided, that would be very helpful.
Mar 30th, 2012, 12:39 AM
A refresh token renews the access token it was issued with, in your case a password grant, by the sounds of it. It still represents a user. A client credentials token only represents the client. The differences should be clear - for a resource server to make an access decision it will need different information in general depending on whether the request is coming from a user (via the client) or from a client app.
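The distinction drawn in the answer above, as an added example that is not part of the original thread: a toy in-memory token endpoint and resource server check. The client, user, function names and the single-use refresh token are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample data; plaintext secrets only to keep the example short.
CLIENTS = {"my-client": "client-secret"}
USERS = {"alice": "alice-password"}
access_tokens = {}   # access token  -> {"client_id", "user"}
refresh_tokens = {}  # refresh token -> {"client_id", "user"}

def _check(table, name, secret):
    expected = table.get(name)
    return expected is not None and secret is not None and hmac.compare_digest(expected, secret)

def _issue(client_id, user, with_refresh):
    access = secrets.token_urlsafe(16)
    access_tokens[access] = {"client_id": client_id, "user": user}
    response = {"access_token": access, "token_type": "bearer"}
    if with_refresh:
        refresh = secrets.token_urlsafe(16)
        refresh_tokens[refresh] = {"client_id": client_id, "user": user}
        response["refresh_token"] = refresh
    return response

def token_endpoint(client_id, client_secret, params):
    """Toy token endpoint for the three grant types discussed in the thread."""
    if not _check(CLIENTS, client_id, client_secret):
        raise PermissionError("invalid_client")
    grant = params.get("grant_type")
    if grant == "password":
        if not _check(USERS, params.get("username"), params.get("password")):
            raise PermissionError("invalid_grant")
        return _issue(client_id, params["username"], with_refresh=True)
    if grant == "refresh_token":
        # The refresh token is single-use here; the user it was issued for carries over.
        old = refresh_tokens.pop(params.get("refresh_token"), None)
        if old is None or old["client_id"] != client_id:
            raise PermissionError("invalid_grant")
        return _issue(client_id, old["user"], with_refresh=True)
    if grant == "client_credentials":
        # No user is involved, so the token represents only the client.
        return _issue(client_id, None, with_refresh=False)
    raise ValueError("unsupported_grant_type")

def resource_server_allows(access_token, resource_owner):
    """Grant access to a user's data only if the token represents that user."""
    info = access_tokens.get(access_token)
    return info is not None and info["user"] is not None and info["user"] == resource_owner
```

A token renewed with the refresh token still passes the per-user check, while a token obtained with client credentials does not, even though the same client requested both.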