Issuing Refresh Token Based On Client

This topic has 3 replies, 2 voices, and was last updated 3 months, 1 week ago by Jatinder Singh.

  • Author
    Posts
  • #28064
     ray.deng83
    Participant

    Hi Folks,

    Is it possible to issue a Refresh Token based on client?

    For example, client A and B are registered in the same realm and they both use client_credentials flow. When client A requests for access token, a refresh token will be issued. But for client B, no refresh token will be issued, only access token.

    Thanks.

    Best,
    Le

    #28070
     Jatinder Singh
    Participant

    I am not sure if you can restrict like that from the same realm. But as an alternative approach you could set the Refresh Token Lifetime (seconds) for Client B to a negligible number like 1 second. This way even if a refresh token is issued, it expires really fast.

    #28071
     ray.deng83
    Participant

    That’s a good point. Should be enough for our use case. Thanks Jatinder!

    Best,
    Le

    #28073
     Jatinder Singh
    Participant

    Np :) Happy ForgeRocking!!!

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?