
Identity Server 4: Support Refresh Token for password grant type


I have implemented Identity Server 4 with a password grant type flow. I would like to know if it is possible to implement a refresh token so the client does not have to resend the username and password when the auth token expires. If so, can I please have some documentation?

Thanks, Greg


Solution

  • According to the docs:

    Refresh tokens are supported for the following flows: authorization code, hybrid and resource owner password credential flow. The client needs to be explicitly authorized to request refresh tokens by setting AllowOfflineAccess to true.

    So in theory you should be able to implement it, by setting the required parameters.

    Just as an FYI, there is something else. Again from the docs:

    The resource owner password grant type allows to request tokens on behalf of a user by sending the user’s name and password to the token endpoint. This is so called “non-interactive” authentication and is generally not recommended.

    So if you have the chance to use another grant type, I would advise you to do so. If not, the answer to your question is: yes, you can use refresh tokens with the Password grant type.
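
The setup the answer describes, as an added example that is not part of the original answer or the IdentityServer4 docs: a client registration with `AllowOfflineAccess` enabled, then the two token requests made through the IdentityModel client library. The client id, secret, scope name `api1` and token endpoint URL are constructed placeholders.

```csharp
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;
using IdentityServer4.Models;

public static class Config
{
    // Server side: password-grant client that is allowed to request refresh tokens.
    public static IEnumerable<Client> Clients => new[]
    {
        new Client
        {
            ClientId = "ro.client",                                     // constructed
            ClientSecrets = { new Secret("example-secret".Sha256()) },  // constructed
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            AllowOfflineAccess = true,                  // permits the offline_access scope
            AllowedScopes = { "api1" },                 // constructed API scope
            AccessTokenLifetime = 3600,                 // seconds
            RefreshTokenUsage = TokenUsage.OneTimeOnly, // new refresh token on every use
            RefreshTokenExpiration = TokenExpiration.Sliding,
            SlidingRefreshTokenLifetime = 1296000,      // 15 days, extended on use
            AbsoluteRefreshTokenLifetime = 2592000      // 30 days, hard cap
        }
    };
}

public static class TokenClientExample
{
    const string TokenEndpoint = "https://localhost:5001/connect/token"; // assumed URL

    // First login: the only request that carries the user's password.
    public static Task<TokenResponse> LoginAsync(HttpClient http, string user, string password) =>
        http.RequestPasswordTokenAsync(new PasswordTokenRequest
        {
            Address = TokenEndpoint, ClientId = "ro.client", ClientSecret = "example-secret",
            UserName = user, Password = password,
            Scope = "api1 offline_access"   // offline_access asks for a refresh token
        });

    // On access-token expiry: exchange the stored refresh token, no user credentials.
    public static Task<TokenResponse> RefreshAsync(HttpClient http, string refreshToken) =>
        http.RequestRefreshTokenAsync(new RefreshTokenRequest
        {
            Address = TokenEndpoint, ClientId = "ro.client", ClientSecret = "example-secret",
            RefreshToken = refreshToken
        });
}
```

With `TokenUsage.OneTimeOnly`, each refresh response carries a new `RefreshToken` that must replace the stored one, because the previous token is no longer accepted.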