1
votes

I've been developing an API and decided to use OAuth 2.0.

I'm currently using this package https://github.com/lucadegasperi/oauth2-server-laravel/ . I have one client which is using the Authorization Code Grant and it works fine until my access token expires - then I don't really know what to do except setting the date manually. I've been reading about OAuth so much that I got really confused.

Should one grant be assigned to one client or should it switch? Which grant should I use? And what should I do after this token expires?

I'm quite new with OAuth, so please don't be cruel ;-)


1 Answers

0
votes

You should enable the grants that you see fit. Typically this will be the authorization grant or sometimes the resource owner (password) grant. Both of these grant types allow you to issue a refresh token with your access token. The refresh token is a longer living token and is only sent to the authorization server when requesting an access token.

Your application (client) should be set up in such a way that when authenticating with the resource server has failed due to a timed out access token it should immediately send out another request to the authorization server with the refresh token. The authorization server should issue a new access token and (usually) a new refresh token. Your client should then update the user's access token and continue as normal.
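The refresh-and-retry behaviour the answer describes, as an added example that is not from the original post or from the oauth2-server-laravel package. The token endpoint URL, the client credentials and the injected `transport` callable are assumptions, and `fake_transport` is a constructed stand-in for the authorization and resource servers so the flow runs offline.

```python
# Added example (not the answer's or the package's code): an OAuth 2.0 client that
# retries a resource request once after the refresh_token grant (RFC 6749, section 6).
# TOKEN_ENDPOINT and CLIENT_* are constructed placeholders; transport is injected.
from urllib.parse import parse_qs, urlencode

TOKEN_ENDPOINT = "https://auth.example.test/oauth/access_token"  # placeholder
CLIENT_ID, CLIENT_SECRET = "client-id", "client-secret"          # placeholders

class ReauthorizationRequired(Exception):
    """The refresh token was rejected: run the authorization code grant again."""

class OAuthClient:
    def __init__(self, transport, access_token, refresh_token):
        self.transport = transport  # transport(method, url, headers, body) -> (status, dict)
        self.access_token, self.refresh_token = access_token, refresh_token

    def refresh(self):
        body = urlencode({"grant_type": "refresh_token", "refresh_token": self.refresh_token,
                          "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET})
        status, data = self.transport("POST", TOKEN_ENDPOINT,
                                      {"Content-Type": "application/x-www-form-urlencoded"}, body)
        if status != 200 or "access_token" not in data:
            raise ReauthorizationRequired(data.get("error", "refresh failed"))
        self.access_token = data["access_token"]
        # Most servers rotate the refresh token; keep the old one only if none is returned.
        self.refresh_token = data.get("refresh_token", self.refresh_token)

    def get(self, url):
        status, data = self._bearer_get(url)
        if status == 401:       # expired or revoked access token
            self.refresh()      # raises ReauthorizationRequired when the refresh token is dead too
            status, data = self._bearer_get(url)  # retry exactly once; never loop on 401
        return status, data

    def _bearer_get(self, url):
        return self.transport("GET", url, {"Authorization": "Bearer " + self.access_token}, None)

def fake_transport(method, url, headers, body):
    """Constructed stand-in for the authorization and resource servers (offline test double)."""
    if url == TOKEN_ENDPOINT:
        p = parse_qs(body)
        if p.get("grant_type") == ["refresh_token"] and p.get("refresh_token") == ["r1"]:
            return 200, {"access_token": "fresh", "refresh_token": "r2", "expires_in": 3600}
        return 400, {"error": "invalid_grant"}
    if headers.get("Authorization") == "Bearer fresh":
        return 200, {"user": "alice"}
    return 401, {"error": "invalid_token"}

def demo():
    client = OAuthClient(fake_transport, access_token="expired", refresh_token="r1")
    return client.get("https://api.example.test/me"), client.refresh_token
```

If `refresh()` raises `ReauthorizationRequired`, the stored tokens are no longer usable and the user has to go through the authorization code grant again.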