HadrienGardeur
commented
3 years ago Well, if you receive a Refresh Token, you need a place to use it.
The Refresh Link is where you send a Refresh Token to get a new Access Token.
Closed llemeurfr closed 3 years ago
HadrienGardeur
commented
3 years ago Well, if you receive a Refresh Token, you need a place to use it.
The Refresh Link is where you send a Refresh Token to get a new Access Token.
llemeurfr
commented
3 years ago bon dieu mais c'est bien sûr.
From the OAuth2 spec, Resource Owner Password Grant section https://tools.ietf.org/html/rfc6749#section-4.3.3, a refresh token can be returned in the response to an authentication request.
Therefore I'm wondering what is the interest of specifying the possibility to have a refresh link in https://drafts.opds.io/authentication-for-opds-1.0.html#346-resource-owner-password-credentials-grant.