Hi OAuthers,

I’m thinking about a way to issue refresh tokens both to a native app and its backend server at the same time. I have 2 ideas currently.

1. Including 2 audiences in a single authorization code, and allowing the code to be used once per audience.
2. Issuing 2 codes, one for the native app, one for the backend server.

The 1st way means the code can be used twice, so it can break RFC6749.
The 2nd way means defining another code (e.g. code_for_backend etc.)

Does anyone have an implementation supporting such a use case?

— nov

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
