Refreshing a refresh token when the grant type is "refresh_token"

You can choose whether to keep a refresh token or not when issuing an access token with the refresh token grant type.

 (Service Owner Console > Token > Refresh Token Continuous Use)

If "Kept" is selected, the authorization server does NOT issue a new refresh token along with a new access token. In this case, an end user (resource owner) will be asked to authenticate and authorize when the original refresh token is expired.

2019-06-17_kbFigures_03.png 130.97 KB


If "Not kept" is selected, the authorization server issues a new refresh token along with a new access token. In this case, the expiration time of a refresh token will be renewed every time the authorization server refreshes a refresh token, and thus an end user will not be asked to authenticate and authorize while actively using the service.
How did we do with this article?