Hi,
In our OAuth2 implementation we have to send the consumer key and secret key
(base64 encoded) with the refresh token to generate a new access token. It's
explained in the API Manager document[1] in that manner. But AFAIK we do not
need to pass the consumer key and consumer secret to generate a new access token
when we have the refresh token and user credentials. It's explained in the OAuth2
spec[2] as follows. Please correct me if I understood this concept in a
wrong way.
The client requests a new access token by authenticating with
the authorization server and presenting the refresh token. The
client authentication requirements are based on the client type
and on the authorization server policies.
[1] http://docs.wso2.org/wiki/display/AM130/User+Tokens#UserTokens-Renewing
[2] http://tools.ietf.org/html/draft-ietf-oauth-v2-31
Thanks.
--
*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +14084122175 | +94713068779
blog: http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
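
Added example, not part of the original message and not WSO2 API Manager code: a sketch of how an authorization server could apply the quoted spec sentence to a refresh request, requiring client authentication according to client type and checking that the refresh token belongs to the requesting client. The client registry, token store, function names and all sample values are constructed assumptions.

```python
import base64
import hmac

# Constructed sample data (hypothetical registry and token store).
CLIENTS = {
    "web-app": {"type": "confidential", "secret": "s3cr3t-constructed"},
    "mobile-app": {"type": "public", "secret": None},
}
REFRESH_TOKENS = {"rt-111": "web-app", "rt-222": "mobile-app"}  # token -> client


def parse_basic(header):
    """Return (client_id, secret) from an 'Authorization: Basic ...' value, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    client_id, sep, secret = decoded.partition(":")
    return (client_id, secret) if sep else None


def check_refresh_request(auth_header, form):
    """Return (ok, oauth_error) for a grant_type=refresh_token request."""
    if form.get("grant_type") != "refresh_token" or "refresh_token" not in form:
        return False, "invalid_request"
    creds = parse_basic(auth_header)
    client_id = creds[0] if creds else form.get("client_id")
    client = CLIENTS.get(client_id)
    if client is None:
        return False, "invalid_client"
    if client["type"] == "confidential":
        # A client that was issued a secret must prove possession of it.
        if not creds or not hmac.compare_digest(
            creds[1].encode(), client["secret"].encode()
        ):
            return False, "invalid_client"
    # A refresh token is only valid for the client it was issued to.
    if REFRESH_TOKENS.get(form["refresh_token"]) != client_id:
        return False, "invalid_grant"
    return True, None
```
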