Refresh Token in OAuth2

  • Question

  • User1690434716 posted

    How do I use a refresh token in an MVC client? In there, I want the MVC client to auto-post a request to get a new access_token and refresh_token (when the access_token is expired). I store the token by using Session in the MVC client.

    Thanks a lot.

    Saturday, February 27, 2016 1:59 AM

All replies

  • User1779161005 posted

    Read the spec: https://tools.ietf.org/html/rfc6749

    Saturday, February 27, 2016 2:30 AM
  • User1690434716 posted

    Thanks a lot, Brock.

    But I have two ideas about refreshing a token:

    + Client check "timeout of token" since request to server API.

    + Server check "timeout of token" once request with token.

    Or what are the ways to use the refresh token since access token timeout?

      +--------+                                           +---------------+
      |        |--(A)------- Authorization Grant --------->|               |
      |        |                                           |               |
      |        |<-(B)----------- Access Token -------------|               |
      |        |               & Refresh Token             |               |
      |        |                                           |               |
      |        |                            +----------+   |               |
      |        |--(C)---- Access Token ---->|          |   |               |
      |        |                            |          |   |               |
      |        |<-(D)- Protected Resource --| Resource |   | Authorization |
      | Client |                            |  Server  |   |     Server    |
      |        |--(E)---- Access Token ---->|          |   |               |
      |        |                            |          |   |               |
      |        |<-(F)- Invalid Token Error -|          |   |               |
      |        |                            +----------+   |               |
      |        |                                           |               |
      |        |--(G)----------- Refresh Token ----------->|               |
      |        |                                           |               |
      |        |<-(H)----------- Access Token -------------|               |
      +--------+           & Optional Refresh Token        +---------------+
    Saturday, February 27, 2016 4:14 AM
  • User1686483761 posted

    Hi Ken.N,

    Client check "timeout of token" since request to server API.

    + Server check "timeout of token" once request with token.

    If you need to refresh the token, your ideas are right: you could send a request to check whether you need to refresh your token, or you need to check whether the access token has timed out on the server side when you send a request.

     

    Tuesday, March 1, 2016 6:55 AM
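
Added example (not code from any poster in this thread): both ideas discussed above combined in one C# client helper, which checks expiry before the call and refreshes once when the API answers 401, using the RFC 6749 section 6 refresh request (steps G and H in the diagram). The class names, the 30-second skew, the use of System.Text.Json and the pre-built Basic client credentials are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

// Hypothetical holder; the MVC client would load it from Session and save it back after a refresh.
public class TokenSet { public string AccessToken, RefreshToken; public DateTimeOffset ExpiresAt; }

public class RefreshingApiClient
{
    private readonly HttpClient _http;
    private readonly string _tokenEndpoint;                 // assumed: authorization server token URL
    private readonly AuthenticationHeaderValue _clientAuth; // assumed: "Basic" client credentials
    public RefreshingApiClient(HttpClient http, string tokenEndpoint, AuthenticationHeaderValue clientAuth)
        => (_http, _tokenEndpoint, _clientAuth) = (http, tokenEndpoint, clientAuth);

    // Steps (G)/(H): refresh_token grant, RFC 6749 section 6.
    public async Task RefreshAsync(TokenSet t)
    {
        var form = new Dictionary<string, string> { ["grant_type"] = "refresh_token", ["refresh_token"] = t.RefreshToken };
        var req = new HttpRequestMessage(HttpMethod.Post, _tokenEndpoint) { Content = new FormUrlEncodedContent(form) };
        req.Headers.Authorization = _clientAuth;
        using var resp = await _http.SendAsync(req);
        resp.EnsureSuccessStatusCode(); // throws if the refresh token is rejected: user must sign in again
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        var json = doc.RootElement;
        t.AccessToken = json.GetProperty("access_token").GetString();
        if (json.TryGetProperty("refresh_token", out var rt)) t.RefreshToken = rt.GetString(); // optional in (H)
        if (json.TryGetProperty("expires_in", out var exp)) t.ExpiresAt = DateTimeOffset.UtcNow.AddSeconds(exp.GetInt32());
    }

    public async Task<HttpResponseMessage> GetAsync(string url, TokenSet t)
    {
        // Idea 1: the client checks expiry before calling the API (30 s skew is an assumption).
        if (t.ExpiresAt <= DateTimeOffset.UtcNow.AddSeconds(30)) await RefreshAsync(t);
        var resp = await SendOnce(url, t);
        // Idea 2: the resource server rejected the token, step (F): refresh once and retry.
        if (resp.StatusCode != HttpStatusCode.Unauthorized) return resp;
        resp.Dispose();
        await RefreshAsync(t);
        return await SendOnce(url, t);
    }

    private Task<HttpResponseMessage> SendOnce(string url, TokenSet t) =>
        _http.SendAsync(new HttpRequestMessage(HttpMethod.Get, url)
            { Headers = { Authorization = new AuthenticationHeaderValue("Bearer", t.AccessToken) } });
}
```

Because a refresh can replace both tokens, write the TokenSet back to Session after each call.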