I have implemented OAuth 2.0 using JWT tokens with Spring Boot, and it basically seems to work.

Question 1: I can call this URL to get an 'access_token' and a 'refresh_token' as a response.

https://myapp/oauth/token?grant_type=password&username=______&password=_______

But every time I call the URL again, both the access_token and the refresh_token are regenerated, and the old access_token can still be used until it expires. Is this how it really works? Regenerate both every time?

Question 2: Moreover, when I need to refresh my access_token, I call this URL:

 https://myapp/oauth/token?grant_type=password&username=______&password=_______

Again, I got both a new access_token and a new refresh_token. It is pretty strange to me that the refresh_token was used to generate a newer refresh_token. But the old refresh_token still works?!

If this is already how JWT tokens should really work, please tell me why we need the refresh_token when we can call the first URL to get a new token anyway.

I have spent some time on this but still could not find a clear reference mentioning these things. If you could tell me the right flow that it should follow, I would appreciate that. Thank you in advance.

Edmund
  • Possible duplicate of [Why Does OAuth v2 Have Both Access and Refresh Tokens?](http://stackoverflow.com/questions/3487991/why-does-oauth-v2-have-both-access-and-refresh-tokens) – Strelok Feb 01 '17 at 11:47
  • So someone please answer my Question 2. It is pretty strange to me that the refresh_token was used to generate a newer refresh_token. But the old refresh_token still works?! – Edmund Feb 02 '17 at 03:56

1 Answer

Regarding Question 2: yes, you get a new access_token and refresh_token. It's up to you (or whoever is responsible for the RefreshTokenProvider) to ensure that the refresh_token can only be used once. This blog article: http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/ (scroll down to step 6) shows an example.

jps
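
The one-time-use rule from the answer above, as an added example that is not part of the original answer, the linked article, or Spring's code: a JWT refresh token keeps passing signature and expiry checks until it expires, so the server records each token's `jti` and deletes it on first use. The HS256 helper, the in-memory `_unused_jti` store and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # demo signing key, generated per process
_unused_jti = {}                   # jti -> username, refresh tokens not yet redeemed


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())


def issue_refresh_token(username: str, ttl: int = 3600) -> str:
    """Return a signed HS256 JWT refresh token and record its jti as unused."""
    jti = secrets.token_urlsafe(16)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": username, "jti": jti,
                              "exp": int(time.time()) + ttl}).encode())
    _unused_jti[jti] = username
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"


def signature_and_expiry_ok(token: str):
    """Stateless check only: return the claims if signature and exp are valid."""
    try:
        header, claims, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(header + "." + claims)):
            return None
        padded = claims + "=" * (-len(claims) % 4)
        payload = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, TypeError):
        return None
    return payload if payload.get("exp", 0) > time.time() else None


def redeem_refresh_token(token: str):
    """Rotate: accept a token once, return its replacement (None if rejected)."""
    payload = signature_and_expiry_ok(token)
    if payload is None:
        return None
    # pop() removes the jti, so a second presentation of the same token fails
    username = _unused_jti.pop(payload.get("jti"), None)
    return issue_refresh_token(username) if username else None
```

In a real deployment the `jti` record would live in a shared store (database or cache) so that every authorization server instance sees the same used/unused state.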