How to implement the interface of OAuth 2.0's refresh token?

Problem description
In OAuth 2.0, when the access_token expires, you can use the previously obtained refresh_token to reapply for tokens. The problem now is that you don't know how the authentication server reissues tokens to the client according to the refresh_token.

The environmental background of the problem and what methods you have tried.
I have consulted some materials and feel that the implementation is diversified. The refresh interface of the authentication server mainly returns the following kinds of data:
1. Return a brand-new access_token and refresh_token.
2. Return a new access_token, but the refresh_token is old. (It is possible that the expiration time of the old refresh_token will be updated.)
3. Return the old access_token and the old refresh_token. (I feel that the previous access_token can still be used because the expiration time has been updated.)

What result do you expect? What is the error message actually seen?
I personally feel that the first two are similar in nature, and the third is the old one, but the update time is not very good.
Which of the above ways is better? Experts, please advise me. Or is there a better way to achieve it?

Mar.31,2021

Personal advice: No. 1. After all, you don't know whether the user will accidentally let others know the refresh_token, and in that case options 2 and 3 are obviously very dangerous.
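
Option 1 from the question, sketched as an added example (not code from the original post or from any particular OAuth library): every refresh returns a brand-new access_token and refresh_token, and the old refresh_token stops working. It goes one step beyond the thread by revoking the whole chain of tokens when an already-used refresh_token is presented again; the class and method names, the in-memory store and the lifetimes are assumptions, and access-token validation is left out.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 900              # assumed lifetimes, in seconds
REFRESH_TTL = 14 * 24 * 3600

class RefreshError(Exception):
    """Maps to the OAuth 2.0 error response {"error": "invalid_grant"}."""

def _digest(token):
    # Store only a hash so a leaked table does not leak usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class TokenService:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._refresh = {}     # digest -> {"family", "user", "expires", "used"}
        self._revoked = set()  # families revoked after a replay was seen

    def _issue(self, user, family):
        refresh_token = secrets.token_urlsafe(32)
        self._refresh[_digest(refresh_token)] = {
            "family": family, "user": user,
            "expires": self._clock() + REFRESH_TTL, "used": False,
        }
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": ACCESS_TTL, "refresh_token": refresh_token}

    def login(self, user):
        # First issuance after the user authenticates: start a new family.
        return self._issue(user, family=secrets.token_hex(8))

    def refresh(self, refresh_token):
        rec = self._refresh.get(_digest(refresh_token))
        if rec is None or rec["family"] in self._revoked:
            raise RefreshError("invalid_grant")
        if rec["used"]:
            # A rotated token came back: two parties hold copies of this chain,
            # so revoke every token descended from the same login.
            self._revoked.add(rec["family"])
            raise RefreshError("invalid_grant")
        if rec["expires"] < self._clock():
            raise RefreshError("invalid_grant")
        rec["used"] = True  # single use: the old refresh_token dies here
        return self._issue(rec["user"], rec["family"])
```

With options 2 and 3 the same refresh_token stays valid across refreshes, so the server has no "already used" state to check and a copied token keeps working until it expires.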
