Results 1 to 2 of 2

Thread: Refresh Token Vs Client Credentials

  1. Mar 29th, 2012, 10:55 AM #1
    javap
    javap is offline Junior Member
    Join Date
    Mar 2012
    Posts
    8

    Default Refresh Token Vs Client Credentials

    In scenario where the client is storing user credentials and has the ability to pass the client credentials to request for access token after expiration, is there any advantage of using refresh token mechanism over using client credentials for subsequent access token requests?
    If there any references which explains this can be provided that would be very helpful

    Thanks
    Reply With Quote Reply With Quote
  2. Mar 30th, 2012, 12:39 AM #2
    Dave Syer
    Dave Syer is offline Senior Member
    Join Date
    Jun 2005
    Posts
    4,230

    Default

    A refresh token renews the access token it was issued with, in your case a password grant, by the sounds of it. It still represents a user. A client credentials token only represents the client. The differences should be clear - for a resource server to make an access decision it will need different information in general depending on whether the request is coming from a user (via the client) or from a client app.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules