Hi Devs, I'm working implementing an SPA that uses OAuth access-token in securing resource access. In the documentation [1] I found that to validate the access token that I already have obtained, the introspection endpoint can be used.
My question is, is there a way where I can send both the accesss token and the refresh token, then IS will validate the access token, and if the access token is expired IS will issue a new access token for the given refresh token. I understand that the above use-case can be achieved by 2 requests to the IS. But I'm curious is to know whether there is a way to achieve this by a single request. [1] https://docs.wso2.com/display/IS530/Invoke+the+OAuth+Introspection+Endpoint Best, Thilina -- *Thilina Madumal* *Software Engineer | **WSO2* Email: thilina...@wso2.com Mobile: *+ <+94%2077%20767%201807>94 774553167* Web: <http://goog_716986954>http://wso2.com <http://wso2.com/signature>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
