On Wed, Apr 3, 2013 at 10:17 PM, Johann Nallathamby <[email protected]> wrote:
> Hi Sanjeewa, > > I think what we have is correct. According to the spec to refresh the > access token the client needs to authenticate with the server (by sending > client_id,client_secret) and send the refresh_token. This is what the API > Manager doc also says. Only additional parameter the APIManager doc has is > the scope which is optional according to the spec. > Hi Johann, Thanks for the explanation. I thought authenticate means client authentication with username and password for a given user. > > Thanks, > Johann. > > > > > On Wed, Apr 3, 2013 at 6:00 PM, Sanjeewa Malalgoda <[email protected]>wrote: > >> Hi, >> In our oauth2 implementation we have to send consumer key and secret key >> (base 64 encoded) with refresh token to generate new access token. Its >> explained in API manager document[1] in that manner. But AFAIK we do not >> need to pass consumer and consumer secret keys to generate new access token >> when we have refresh token and user credentials. Its explained in oauth2 >> spec[2] as follows. Please correct me if i understood this concept in a >> wrong way. >> >> The client requests a new access token by authenticating with >> the authorization server and presenting the refresh token. The >> client authentication requirements are based on the client type >> and on the authorization server policies. >> >> >> >> [1] >> http://docs.wso2.org/wiki/display/AM130/User+Tokens#UserTokens-Renewing >> [2]http://tools.ietf.org/html/draft-ietf-oauth-v2-31 >> >> Thanks. >> -- >> *Sanjeewa Malalgoda* >> WSO2 Inc. >> Mobile : +14084122175 | +94713068779 >> >> <http://sanjeewamalalgoda.blogspot.com/>blog >> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >> > > -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +14084122175 | +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
