foundersandcoders / open-tourism-platform

An open platform to facilitate the creation of apps to promote local tourism and business in Nazareth
MIT License

refresh tokens #102

Closed mattlub closed 6 years ago

mattlub commented 7 years ago

The OAuth branch which got merged #93 did not test for them at all.

From FACN2 research yesterday:

Productive Systems: This is a more complex method. They use both short-lived bearer tokens and longer-lived refresh tokens. The longer-lived refresh tokens are used to get the shorter bearer tokens. This allows users to create new bearer tokens without having to log in again.

m4v15 commented 7 years ago

From here

So refresh tokens are sent back along with the access token and then when the access token expires the client can use the refresh token along with the client_id and client_secret to get a new access token without having to go through the process of getting a new auth code.

The OAuth2-node-server module says this is supported, but I can't get it to work right now; it's not a massive priority atm tho.
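The refresh flow described in the comments above, as an added example that is not part of the thread or the project's code: a stand-alone, in-memory handler for a token request with `grant_type=refresh_token`. It does not use the OAuth2 server module mentioned above; the function names, the `demo-app` client, the token lifetimes and the choice to rotate the refresh token on every use are assumptions made for illustration.

```javascript
// Added example: in-memory refresh_token grant (hypothetical names, constructed data).
const { randomBytes, timingSafeEqual } = require('node:crypto');

const ACCESS_TTL_MS = 60 * 60 * 1000;            // short-lived bearer token (assumed 1 h)
const REFRESH_TTL_MS = 14 * 24 * 60 * 60 * 1000; // longer-lived refresh token (assumed 14 d)

// Constructed sample client; a real server would load this from its client store.
const clients = new Map([['demo-app', { secret: 'demo-secret' }]]);
const refreshTokens = new Map(); // refresh token -> { clientId, userId, expiresAt }

const newToken = () => randomBytes(32).toString('hex');

// Compare secrets without leaking the mismatch position through timing.
function sameSecret(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Issue an access/refresh pair (access tokens are not stored in this sketch).
function issueTokens(clientId, userId, now = Date.now()) {
  const refreshToken = newToken();
  refreshTokens.set(refreshToken, { clientId, userId, expiresAt: now + REFRESH_TTL_MS });
  return { access_token: newToken(), token_type: 'Bearer',
           expires_in: ACCESS_TTL_MS / 1000, refresh_token: refreshToken };
}

// Handles the parsed body of a token request with grant_type=refresh_token.
function handleRefresh(body, now = Date.now()) {
  const client = clients.get(body.client_id);
  if (!client || !sameSecret(client.secret, body.client_secret)) {
    return { status: 401, body: { error: 'invalid_client' } };
  }
  if (body.grant_type !== 'refresh_token') {
    return { status: 400, body: { error: 'unsupported_grant_type' } };
  }
  const record = refreshTokens.get(body.refresh_token);
  // Reject unknown, expired, or another client's refresh token.
  if (!record || record.expiresAt <= now || record.clientId !== body.client_id) {
    return { status: 400, body: { error: 'invalid_grant' } };
  }
  refreshTokens.delete(body.refresh_token); // rotate: each refresh token is single-use
  return { status: 200, body: issueTokens(record.clientId, record.userId, now) };
}
```

Tests for the refresh path can cover the success case plus replay of a used token, a wrong client secret and an expired token, which are the cases this handler rejects.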