Hi all; Our requirement is to have a Refresh token for Application access token.
*Usecase;* To provide a refresh token for the Application Token and allow configuring its expiry time so that each Application Token will have its own life duration. But it seems this is against to Oauth spec.. We use Refresh token to avoid providing user credentials and it is used to refresh the user Access token. When we generate Application accesstoken, we don't provide user credentials.So, getting refresh token for Application Access token, seems against spec? @Johan, Can you provide some context on this? Thanks -- -Ratha mobile: (+94)755906608
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
