Announcement Announcement Module
No announcement yet.
Refresh Token Vs Client Credentials Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Refresh Token Vs Client Credentials

    In scenario where the client is storing user credentials and has the ability to pass the client credentials to request for access token after expiration, is there any advantage of using refresh token mechanism over using client credentials for subsequent access token requests?
    If there any references which explains this can be provided that would be very helpful


  • #2
    A refresh token renews the access token it was issued with, in your case a password grant, by the sounds of it. It still represents a user. A client credentials token only represents the client. The differences should be clear - for a resource server to make an access decision it will need different information in general depending on whether the request is coming from a user (via the client) or from a client app.