Can an access token be used to obtain a new access token, or must you use a refresh token? Currently my oauth provider isn't providing a refresh token so I am trying to understand the capability, as I don't want to repass user/pw to provider after initial bearer token request.
Related Questions in OAUTH
- Lambda endpoint for the Google OAuth callback does not recieve the access_token
- Miro oauth api throws error 401 Invalid authorization code
- Error from Identity Provider - OIDC Scope Error
- get refresh token in axios interceptor
- How would single sign-on work for my multi-tenant application?
- How to get OAuth2 Access token from Postman
- How to use Oauth in order to log‑in on .googleapis.com on almost any arbitrary endpoints domains from the web browser?
- How to fix common 500 internal server error when use POST method on NEXTJS
- How to use a different account for OAuth with dbt-core and profiles.yml?
- ASP.NET Core Google external login issue
- Implementing IDP Initiated Flow Using OIDC
- Migration of UseOAuthAuthorizationServer from .Net Framework to .Net8
- Django Allauth Bad Request Error, Error Retrieving Access Token: Invalid Grant
- angular oauth 2 oidc doesn't work with github idp
- Handling oauth in flutter app without browser
Related Questions in ACCESS-TOKEN
- Page access token
- Error creating auth token for newly registered user in Django Rest Framework
- Handling Access Tokens and Refresh Token in an Apple Watch Companion App
- How to prevent o365 API connection from becoming invalidated from expired access token when using azure logic apps send email action
- How to secure JWT token
- Does bcp utility support Token based Authentication? If yes, I would like to know the process and which version of bcp to be used
- Rotating Gitlab's Service Account tokens with specified expiry
- how to store access token using cookie in Java spring boot?
- Will the refresh tokens issue new access token if a compromised access token is sent to the server?
- Upload data to Sharepoint from Databricks using Python
- How do I implement fine grained control to blobs in Azure Blob Storage using access tokens from Azure AD (Entra Id)?
- Symfony: get specific token info (app id) and use it inside app rights management
- Express.js with Azure Managed Identity not able to refresh access token after it expires
- How to get access token for further API calls in next-auth when you use personal server as provider in NextJs with TS?
- AttributeError: 'RefreshToken' object has no attribute 'blacklist_after'
Related Questions in REFRESH-TOKEN
- how to get refresh token in msal-browser Azure AD B2C login?
- Is it possible to get a refresh token for Azure Resource Manager API with the client credentials flow?
- Will the refresh tokens issue new access token if a compromised access token is sent to the server?
- How to avoid multiple refresh token call, if there are multiple API calls get unauthorized because access token expired
- How to Prevent Angular from Sending Multiple Refresh Token Requests upon Receiving 401 Response for Parallel Requests?
- In Twilio Conversations, how to catch the event when the user's token is in less than 3 minutes of validity (conversationsClientTokenWillExpire)
- Concurrency problems when using refresh token interceptor and NgRx pattern in Angular
- AttributeError: 'RefreshToken' object has no attribute 'blacklist_after'
- Keycloak refresh token returns "Stale token"
- Refresh auth token in nextjs 13 with custom backend
- Node.js Express: Access token refresh: how to ensure user's request is not interrupted?
- Node.JS Express - How to redirect user to original request after refreshing access tokens?
- Refresh Token and Access Token With Azure Entra ID and Microsoft Graph
- Why redisRepository.findById doesn't work
- My access and refresh token system seems pointless (Node.JS)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
I don't believe there is a possible way to get an access token without using a non-blacklisted refresh token. This is by design, since we don't want access tokens to be used for something they were not granted for. Ideally you would have saved a refresh token to get a new access token. Of course if the refresh token is expired or explicitly blacklisted by the server, you need to acquire a new one.
I found this helpful article here on it:
https://auth0.com/learn/refresh-tokens/