Difference between revisions of "Refresh Token"
From MgmtWiki
Revision as of 09:15, 3 October 2018
Full Title or Meme
As used in this wiki, a Refresh Token is a token issued together with some sort of Grant; it allows the holder of the Grant to request a new Grant when the current one expires.
Context
The Refresh Token is a means of maintaining a Grant (an Authorization to access a Resource) over time while still enabling Revocation of the Grant by the owner of the Resource.
Problems
- As a general rule, Revocation cannot be guaranteed for any Grant issued to any Subject, because it is not possible to know where that Grant has been used.
- Current legislation (like GDPR) gives a User a right to Revocation of Grants.
Solutions
The Refresh Token can be used to renew an expired Grant by going back to a database to confirm that the User who issued the Grant has not since issued a Revocation.
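The following is an added example, not code from this wiki, that puts the Problem and the Solution above side by side. The Grant is a self-contained, HMAC-signed access token that any Resource can verify without contacting the issuer, which is exactly why a Revocation cannot reach it before it expires. The Refresh Token, by contrast, is only ever presented back to the issuer, so the issuer can consult its database (here an in-memory dict and set) for a Revocation before renewing. Token lifetimes, the `|`-separated token layout, the `AuthServer` class and the single-use rotation of refresh tokens are assumptions of the example, not something the wiki specifies.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

ACCESS_TTL = 300       # assumed: a Grant lives five minutes
REFRESH_TTL = 86400    # assumed: a Refresh Token may renew for one day


def _h(token: str) -> str:
    """Store only a hash of the refresh token, so a leaked database cannot be replayed."""
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class RefreshRecord:
    user: str
    expires_at: float
    used: bool = False   # refresh tokens are single-use (rotated) in this example


class AuthServer:
    """Hypothetical issuer: stateless Grants, database-checked Refresh Tokens."""

    def __init__(self, clock=time.time):
        self.clock = clock                    # injectable so expiry can be tested
        self.key = secrets.token_bytes(32)    # HMAC key shared with Resources
        self.refresh_db: dict[str, RefreshRecord] = {}
        self.revoked_users: set[str] = set()  # the Revocation list the Solution consults

    def _sign(self, payload: str) -> str:
        return hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()

    def _make_access(self, user: str) -> str:
        # Grant = "user|expiry|hmac"; nothing about it is kept server-side
        payload = f"{user}|{int(self.clock()) + ACCESS_TTL}"
        return f"{payload}|{self._sign(payload)}"

    def verify_access(self, token: str):
        """What a Resource does: check signature and expiry only. It has no way
        to learn that the User has revoked the Grant (the Problem above)."""
        try:
            user, exp, sig = token.rsplit("|", 2)
            exp = int(exp)
        except ValueError:
            return None
        if not hmac.compare_digest(sig, self._sign(f"{user}|{exp}")):
            return None
        if self.clock() >= exp:
            return None
        return user

    def issue(self, user: str):
        """Issue a Grant together with its Refresh Token."""
        refresh = secrets.token_urlsafe(32)
        self.refresh_db[_h(refresh)] = RefreshRecord(user, self.clock() + REFRESH_TTL)
        return self._make_access(user), refresh

    def revoke(self, user: str) -> None:
        """The User exercises Revocation; takes effect at the next refresh."""
        self.revoked_users.add(user)

    def refresh(self, refresh_token: str):
        """The Solution: go back to the database before renewing the Grant."""
        rec = self.refresh_db.get(_h(refresh_token))
        if rec is None or rec.used or self.clock() >= rec.expires_at:
            return None
        if rec.user in self.revoked_users:
            return None                       # Revocation honoured here
        rec.used = True                       # rotate: old refresh token dies
        return self.issue(rec.user)


if __name__ == "__main__":
    now = [1000.0]                            # constructed fake clock
    srv = AuthServer(clock=lambda: now[0])
    access, refresh = srv.issue("alice")
    now[0] += ACCESS_TTL + 1                  # Grant expires ...
    print("expired grant accepted:", srv.verify_access(access) is not None)
    access, refresh = srv.refresh(refresh)    # ... and is renewed via the database
    srv.revoke("alice")
    print("refresh after revocation:", srv.refresh(refresh))
    print("grant still valid until expiry:", srv.verify_access(access))
```

Running the script shows the gap the Problem describes: after `revoke()` the issuer refuses to renew, but the already-issued Grant keeps verifying at the Resource until its expiry passes. Short `ACCESS_TTL` values are what bound how long a revoked Grant stays usable.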