dagitab
Reputation: 133
OAuth client credentials concept
I just have a question re client_credentials grant type in OAuth 2.0. When a client requests for an access token 2 times, will the access token requested on the first time be invalid?
Thanks!
Upvotes: 0
Views: 152
Answers (1)
jumuro
Reputation: 1532
The first obtained access token will be valid until it expires.
A token contains an authentication ticket including the indentity and an expiration time. When the token is decrypted, the server obtains the ticket and checks that the ticket is not expired. It uses the claims included in the ticket for authorization tasks.
Upvotes: 1
Related Questions
- How to validate an OAuth 2.0 access token for a resource server?
- How is OAuth 2 different from OAuth 1?
- What are the main differences between JWT and OAuth authentication?
- What is the purpose of the implicit grant authorization type in OAuth 2?
- OAuth 2.0: Benefits and use cases — why?
- Why do access tokens expire?
- Refreshing OAuth token using Retrofit without modifying all calls
- Why is there an "Authorization Code" flow in OAuth2 when "Implicit" flow works so well?
- How does OAuth 2 protect against things like replay attacks using the Security Token?
- What is the difference between the OAuth Authorization Code and Implicit workflows? When to use each one?