jackm-mimica commented on PR #338:
URL: https://github.com/apache/arrow-rs-object-store/pull/338#issuecomment-2820764013

   Thanks for your question about the refresh_token grant type.
   
   To clarify: The tokeninfo endpoint (https://oauth2.googleapis.com/tokeninfo) 
is designed to validate and return information about an access token, not a 
refresh token. When you use a refresh_token grant type, you would typically 
make a request to the token endpoint (https://oauth2.googleapis.com/token), 
which then returns a new access_token (and potentially a new refresh_token 
depending on configuration).
   
   The document you referenced (google.aip.dev/auth/4113) covers guidelines for 
OAuth authentication flows, but doesn't specifically address the behavior of 
the tokeninfo endpoint with respect to refresh tokens.
   
   The change I implemented maintains this distinction between endpoints - 
tokeninfo for validating access tokens, and the token endpoint for operations 
involving refresh tokens.
   
   Does this address your question, or were you referring to a different aspect 
of the authentication flow?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
