Skip to content
Advertisement

Tag: oauth

Is refreshing the OAuth refresh token standard behavior?

I’m implementing an API wrapper for an OAuth API (in particular, TD Ameritrade) and I’ve encountered an interesting piece of functionality. Unlike most OAuth implementations I’ve seen, in which refresh token is valid for some time period and then the user has to re-authenticate, this API supports refreshing the refresh token itself. In particular, if you send a request with

Why is a redirect used on oath?

See the example here. Why is a redirect used simply to connect to a service? Why bother with mocking a service and all that stuff? Is there some valid reason for all of this or is this just because someone made an assumption about how authentications would be used (i.e. author and user are different)? Is there a good way

Advertisement