sindrenm10/27/2023, 12:56 PM
Specifically the “If the client knows the access token expired, it skips to step (G), […]” part of (E) seems to be missing from the plugin, AFAICT.
(C) The client makes a protected resource request to the resource server by presenting the access token. (D) The resource server validates the access token, and if valid, serves the request. (E) Steps (C) and (D) repeat until the access token expires. If the client knows the access token expired, it skips to step (G); otherwise, it makes another protected resource request. (F) Since the access token is invalid, the resource server returns an invalid token error. (G) The client requests a new access token by authenticating with the authorization server and presenting the refresh token. The client authentication requirements are based on the client type and on the authorization server policies.
e5l10/27/2023, 1:07 PM
Rustam Siniukov10/30/2023, 11:20 AM
sindrenm10/30/2023, 11:29 AM