Refresh Tokens

Best approach would be that the user should always be presented with the notification of the new refresh token request, even if he was presented with that in the past.

Refresh Tokens should NEVER be exposed to the browser.

PreviousThe Resource Owner Password Credentials (ROPC) Grant TypeNextOAuth 2.1

Last updated