refresh-token – IT Nursery

What is the purpose of a “Refresh Token”?

May 31, 2022 by IT Nursery

I have a program that integrates with the YouTube Live Streaming API. It runs on timers, so its been relatively easy for me to program in to fetch a new Access Token every 50 minutes with a Refresh Token. My question is, why? When I authenticated with YouTube, it gave me a Refresh Token. I … Read more

Why Does OAuth v2 Have Both Access and Refresh Tokens?

April 22, 2022 by IT Nursery

Section 4.2 of the draft OAuth 2.0 protocol indicates that an authorization server can return both an access_token (which is used to authenticate oneself with a resource) as well as a refresh_token, which is used purely to create a new access_token: https://www.rfc-editor.org/rfc/rfc6749#section-4.2 Why have both? Why not just make the access_token last as long as … Read more