How should the grant type of an oauth2 access token be preserved after refreshing it using refresh grant?

Let’s say I got an access token of the "authorization code" grant type. After the expiration of it, I would refresh it using the refresh grant. Then I’ll get a new token. Is the grant type of the new token still the same as the …

Should we include the "at_hash" (access token hash) claim in the id token of the authorization response when the response type is "code id_token"?

Should we include the "at_hash" (access token hash) claim in the id token when the response type is "code id_token"? According to this article by Takahiko Kawasaki, when the response type is "code id_token" an…