marcv February 2016
Shouldn't the old access token be invalidated by a refresh call?
When I refresh an OAuth access token A, I get a new access token.
A is still valid, I can still use it.
Shouldn't the old access token be invalidated by the refresh operation? If not, if it's "by design", could someone give me details about why?
Note: using Symfony with the FOSOAuthServerBundle bundle.
Spomky February 2016
The RFC6749 section 1.5 indicates that:
"Refresh tokens are issued to the client by the authorization server and are used to obtain [...] additional access tokens with identical or narrower scope"
As far as I understand, the access token A may be still valid when an access token B is issued with the refresh token.
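The behaviour discussed in this thread, as an added example that is not part of the original posts and is not FOSOAuthServerBundle code: a toy in-memory authorization server showing that a refresh issues an additional access token B while A stays valid until its own expiry, unless the server opts into revoking earlier access tokens of the same grant. The `AuthServer` class, its `revoke_on_refresh` flag, the lifetimes and all token values are hypothetical.

```python
import secrets
import time


class AuthServer:
    """Toy in-memory authorization server (hypothetical, for illustration)."""

    def __init__(self, access_ttl=3600, revoke_on_refresh=False):
        self.access_ttl = access_ttl
        self.revoke_on_refresh = revoke_on_refresh
        self.access = {}    # access token -> (grant_id, expires_at)
        self.refresh = {}   # refresh token -> grant_id

    def _issue_access(self, grant_id, now):
        token = secrets.token_urlsafe(32)
        self.access[token] = (grant_id, now + self.access_ttl)
        return token

    def authorize(self, now=None):
        """Initial grant: returns (access_token, refresh_token)."""
        now = time.time() if now is None else now
        grant_id = secrets.token_hex(8)
        refresh_token = secrets.token_urlsafe(32)
        self.refresh[refresh_token] = grant_id
        return self._issue_access(grant_id, now), refresh_token

    def refresh_access(self, refresh_token, now=None):
        """Refresh grant: issues an additional access token for the same grant."""
        now = time.time() if now is None else now
        grant_id = self.refresh[refresh_token]  # KeyError on an unknown token
        if self.revoke_on_refresh:
            # Optional server policy (assumed here): drop this grant's earlier access tokens.
            self.access = {t: v for t, v in self.access.items() if v[0] != grant_id}
        return self._issue_access(grant_id, now)

    def is_valid(self, access_token, now=None):
        now = time.time() if now is None else now
        entry = self.access.get(access_token)
        return entry is not None and now < entry[1]


def demo(revoke_on_refresh):
    """Returns (A valid after refresh, B valid, A valid after A's own expiry)."""
    server = AuthServer(access_ttl=3600, revoke_on_refresh=revoke_on_refresh)
    a, r = server.authorize(now=0)          # constructed timeline, in seconds
    b = server.refresh_access(r, now=1800)
    return (server.is_valid(a, now=1801), server.is_valid(b, now=1801),
            server.is_valid(a, now=3601))
```

With `revoke_on_refresh=False` the old token A is only bounded by its own lifetime, so a short access-token lifetime is what limits the overlap window.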
Asked in February 2016