tyf
September 20, 2022, 10:45pm
Hey there @amit9, just following up on this. While there is no way to mint access tokens that don’t expire, in an M2M flow you should just be able to request a new token when needed. The following posts outline this:
Hello, @katab ,
Before moving on, it’s good to understand the concept of a Machine to Machine Authentication. This grant is intended for non-interactive clients, where a machine is requesting a token to be used on behalf of itself (never on behalf of a user). If you are using this token on behalf of a user, you have chosen the incorrect grant.
As such, the machine should be able to understand when the token has expired, and just request another one, as the machine itself, considering it’s a sec…
This looks pretty standard. A refresh token and a client secret are very similar when we boil them down in a client credentials grant.
This is a secure server, correct? If an attacker has access to your server, you probably have a bigger problem than just the tokens; your client secret is more powerful.
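
The renewal behaviour described in this post, as an added example that is not part of the original thread or of Auth0's own code: a small cache that requests a new client-credentials token shortly before the current one expires. The token URL, the `audience` parameter and the names `fetch_token` and `M2MTokenCache` are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request


def fetch_token(token_url, client_id, client_secret, audience):
    """POST a client-credentials request (RFC 6749 section 4.4); return the JSON body."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never from source
        "audience": audience,  # assumption: the authorization server expects an audience
    }).encode()
    req = urllib.request.Request(token_url, data=form)  # data= makes this a POST
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class M2MTokenCache:
    """Holds one access token and requests a new one shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch = fetch    # zero-argument callable returning the token response dict
        self._skew = skew      # renew this many seconds early (latency, clock drift)
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self):
        """Return a usable token, renewing it when missing or inside the skew window."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._fetch()
            self._token = body["access_token"]
            self._expires_at = self._clock() + float(body["expires_in"])
        return self._token

    def invalidate(self):
        """Call when the API answers 401 so the next get() requests a fresh token."""
        self._token = None
```

In use, `fetch` would be something like `lambda: fetch_token(url, client_id, client_secret, audience)`, so the only long-lived credential on the server is the client secret and no access token outlives its `expires_in`.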