question to get refresh token

Question

question to get refresh token

Closed this issue 9 years ago · 4 comments

Just a question to getting a new accesstoken via refreshtoken:
Is it normal that you don't send the authorizationHeader?
Or is this only for TrakTv?

Just wondering because here https://tools.ietf.org/html/rfc6749#section-6 is an example with

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA

---> "Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW"

Gi-lo commented 9 years ago

Thanks :)

Answer 1 · 2015-07-05T15:26:31.000Z

Sorry for the late reply:

The secure transport of the refresh token is not covered by OAuth2. It only states that you must use https for your endpoints. For TraktTv the authorization is done via the api key but you can also use basic auth or any other mechanism.

Answer 2 · 2015-07-05T16:48:27.000Z

OK. Thanks for answer.

Answer 3 · 2015-07-05T16:48:37.000Z

btw very nice lib!!!!