I’ve got a question regarding access tokens. As far as I know, it’s only possible to issue access tokens that have a user subject. We have a use case where we transfer organization-related data between 2 systems. One system is our own platform and the other platform is a third-party partner. You have to couple these organizations/platforms initially so that the other platform gets a refresh token for the data access. What we are trying to achieve is that the refresh token is not related to the user that initiates the coupling, but to the organization itself. Otherwise the coupling might get lost if the user deletes his account, even if there are more users left in the organization.
Do you think that there is any way to do this or is this request contrary to the OAuth standard?
While I’m not positive it will suit your specific use case, it sounds like you might be interested in a Machine to Machine flow which is designed specifically for a scenario between systems where there is no user involved.
Regarding token renewal in an M2M flow, please take a look at the following thread: