asp.net web api - Difference between refresh_token and access_token -


i can't find reason why use refresh_token. when can make access_token longed lived...

why have both?

as have jwt tag on question assume referring json web tokens

the following referenced from

refresh tokens: when use them , how interact jwts

  • access tokens carry necessary information access resource directly. in other words, when client passes access token server managing resource, server can use information contained in token decide whether client authorized or not. access tokens have expiration date , short-lived.

  • refresh tokens carry information necessary new access token. in other words, whenever access token required access specific resource, client may use refresh token new access token issued authentication server. common use cases include getting new access tokens after old ones have expired, or getting access new resource first time. refresh tokens can expire rather long-lived. refresh tokens subject strict storage requirements ensure not leaked. can blacklisted authorization server.

this second reference interesting read re short-lived access token , long-lived refresh token. why oauth v2 have both access , refresh tokens?

revocation: if access token self contained, authorization can revoked not issuing new access tokens. resource not need query authorization server see if access token valid.this simplifies access token validation , makes easier scale , support multiple authorization servers. there window of time when access token valid, authorization revoked.

hope helps.


Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

Image
recently have uploaded wordpress site onto server. have uploaded wordpress site in sub-folder under root folder ../root(domain root folder)/wordpress (where host wordpress folder). now problem content data in page or post in dashboard of wordpress admin panel not showing - see image. but data showing in front view - see image. if not browser cache issue , not issue happened tinymce editor during upgrade; try add config file: define('concatenate_scripts', false);
Read more

How to get the ip address of VM and use it to configure SSH connection dynamically in Ansible -

i trying ip address of vm , trying use establish ssh vm. following script: --- - hosts: localhost become: yes connection: local gather_facts: false serial: 1 vars_files: - createvmvars.yml tasks: - name: gathering vm info. vsphere_guest: vcenter_hostname: "{{vcenter_hostname}}" username: "{{vcenter_username}}" password: "{{vcenter_password}}" guest: "{{guest_name}}" vmware_guest_facts: yes register: var - debug: msg="{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" - name: establishing ssh connection. script: /home/shasha/devops/scripts/ssh_configure.sh "{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" following content of ssh_configure.sh : #!/bin/sh ssh-keygen -t rsa ssh-copy-id $1 but when running playbook, getting following error while executing third task: error! 'var' undefined but debug module(second task) printin
Read more

javascript - Get parameter of GET request -

i make request: createxhrrequest( "get", fileurl, function( err, response ) { if( err ) { alert( "error get!" ); } alert(response); }); and full response: { "status" : "ok", "message" : "jvberi0xljqkjdduxdgkmy how can jvberi0xlj ? i try response.message , response["message"]. nothing works. just simple access this: var json = json.parse(response); json.message
Read more