Refresh Token
From MgmtWiki
Revision as of 09:13, 3 October 2018 by Tom
Full Title or Meme
As used in this wiki, a Refresh Token is a token issued together with some sort of Grant that allows the holder of the Grant to request a new Grant when the current one expires.
Context
The Refresh Token is a means of maintaining a Grant or Authorization to access a Resource over time while still enabling Revocation of the Grant by the owner of the Resource.
Problems
- As a general rule, Revocation of any Grant that is issued to any Subject cannot be guaranteed, because it is not possible to know where that Grant has been used.
- Current legislation (like GDPR) gives a User a right to Revocation of Grants.
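
The following is an added example, not part of the original wiki page, modelling the Context and Problems sections: a short-lived Grant is renewed with a Refresh Token, and Revocation takes effect at the next renewal rather than on copies of the Grant already handed out. The class and function names, the 300-second lifetime and the use of a plain dictionary as the Grant are assumptions made for illustration.

```python
import secrets

class AuthorizationServer:
    """Toy issuer (hypothetical): short-lived Grants renewed via a Refresh Token."""

    def __init__(self, grant_ttl):
        self.grant_ttl = grant_ttl
        self.refresh_tokens = {}          # refresh token -> (subject, resource)

    def _grant(self, subject, resource, now):
        # Self-contained Grant: a Resource can honor it without calling the issuer.
        return {"sub": subject, "res": resource, "exp": now + self.grant_ttl}

    def issue(self, subject, resource, now):
        token = secrets.token_urlsafe(32)
        self.refresh_tokens[token] = (subject, resource)
        return self._grant(subject, resource, now), token

    def refresh(self, token, now):
        entry = self.refresh_tokens.get(token)
        if entry is None:
            raise PermissionError("refresh token unknown or revoked")
        return self._grant(*entry, now)

    def revoke(self, subject, resource):
        # Revocation is recorded at the issuer only; Grants already issued are
        # not recalled, because the issuer does not know where they were used.
        doomed = [t for t, e in self.refresh_tokens.items() if e == (subject, resource)]
        for t in doomed:
            del self.refresh_tokens[t]
        return len(doomed)

def resource_accepts(grant, resource, now):
    """Offline check at the Resource: it sees only the Grant it is shown."""
    return grant["res"] == resource and now < grant["exp"]

def demo():
    srv = AuthorizationServer(grant_ttl=300)           # constructed sample values
    _, rt = srv.issue("alice-app", "calendar", now=0)
    grant = srv.refresh(rt, now=290)                   # renewed: expires at t=590
    srv.revoke("alice-app", "calendar")                # owner revokes
    result = {"honored_after_revoke": resource_accepts(grant, "calendar", now=400)}
    try:
        srv.refresh(rt, now=400)
        result["renewed_after_revoke"] = True
    except PermissionError:
        result["renewed_after_revoke"] = False
    result["honored_after_expiry"] = resource_accepts(grant, "calendar", now=590)
    return result
```

In this model the time during which a revoked Grant is still honored is bounded by `grant_ttl`, which is why the Grant is kept short-lived and the Refresh Token is the thing the issuer checks.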