Issue refresh tokens [OAuth 2]
tmingos opened this issue · comments
We currently issue only long-lived access tokens (1 year expiration date). This means after a year has passed, a user will need to re-authorize API apps they are using.
We intend to offer refresh tokens to enable API apps to automatically refresh old access tokens server-side. We've run into a bug with our OAuth2 provider that seems to be preventing refresh tokens from being issued.
Once issue is resolved with our OAuth 2 provider, we'll get refresh_tokens added ASAP and update documentation.
This is now accomplished with id-service. All existing clients have been updated to have the refresh_token
grant as well. Only thing remaining is to update documentation.