Sure, a refresh token as well depending on the AS implementation.
On Thu, Jun 17, 2010 at 11:17 AM, Marius Scurtescu <[email protected]> wrote: > On Thu, Jun 17, 2010 at 11:09 AM, Eran Hammer-Lahav <[email protected]> > wrote: >> We added an optional authorization code which can only be used after >> exchanging it for an access token with required client authentication >> (client secret). > > Just to make sure I understand the new flow, the authorization code is > supposed to be exchanged for an access *and* a refresh token, right? I > don't see the point of swapping it only for an access token. > > Marius > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
