Luiz de Prá

Reputation: 1475

Is it normal for an OAuth2 implementation to create a new access token on every authentication?

I'm using an OAuth 2.0 implementation (django-oauth-toolkit) and I noticed that every time a user requests an access token I get a new registry in my database. Is this normal behaviour? Shouldn't they be recycled/replaced by application and user on every authentication request? If a user logs in 5 times in a row, all 5 returned access tokens will be stored and will be valid until they expire. If it is relevant, I'm using the password grant type and the public client type.

Thank you all.

Upvotes: 0

Views: 47

Answers (1)

Vilmantas Baranauskas

Reputation: 6726

Yes, this is the common practice: a new access token is created on each authentication request.

It is, however, somewhat uncommon that a user would log in 5 times in a row.

Upvotes: 1
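The behaviour discussed in this thread, as an added example that is not part of the answer above and is not django-oauth-toolkit code: a small model in which each token request inserts a new row, every row stays valid until its own expiry, and cleanup and revocation therefore have to cover all outstanding rows. The table, function names, user and client are hypothetical and constructed for illustration.

```python
import secrets
import sqlite3

def make_store():
    # Hypothetical schema: one row per issued access token.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE access_token "
               "(token TEXT PRIMARY KEY, user TEXT, client TEXT, expires REAL)")
    return db

def issue_token(db, user, client, now, ttl=3600):
    """One successful token request adds one row; earlier rows are untouched."""
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO access_token VALUES (?, ?, ?, ?)",
               (token, user, client, now + ttl))
    return token

def is_valid(db, token, now):
    row = db.execute("SELECT expires FROM access_token WHERE token = ?",
                     (token,)).fetchone()
    return row is not None and row[0] > now

def live_token_counts(db, now):
    """Unexpired tokens per (user, client), to spot unusual issuance volume."""
    rows = db.execute("SELECT user, client, COUNT(*) FROM access_token "
                      "WHERE expires > ? GROUP BY user, client", (now,))
    return {(u, c): n for u, c, n in rows}

def purge_expired(db, now):
    """Periodic cleanup keeps the table from growing without bound."""
    return db.execute("DELETE FROM access_token WHERE expires <= ?",
                      (now,)).rowcount

def revoke_user(db, user):
    """Logout or password change must remove every outstanding token."""
    return db.execute("DELETE FROM access_token WHERE user = ?",
                      (user,)).rowcount

def demo():
    db = make_store()
    # Constructed scenario: the same user authenticates 5 times in a row.
    tokens = [issue_token(db, "alice", "mobile-app", now=1000.0 + i)
              for i in range(5)]
    all_valid = all(is_valid(db, t, now=2000.0) for t in tokens)
    counts = live_token_counts(db, now=2000.0)
    purged = purge_expired(db, now=1000.0 + 3600 + 2)  # first three expired
    revoked = revoke_user(db, "alice")                 # the remaining two
    return all_valid, counts, purged, revoked

if __name__ == "__main__":
    print(demo())
```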
