[Openid-specs-fapi] Issue #553: More details on obtaining tokens for existing grant use case (openid/fapi)
Nikola Kramaric
issues-reply at bitbucket.org
Tue Nov 15 19:36:14 UTC 2022
New issue 553: More details on obtaining tokens for existing grant use case
https://bitbucket.org/openid/fapi/issues/553/more-details-on-obtaining-tokens-for
Nikola Kramaric:
> Obtaining new tokens for existing grants
>
> Clients can also obtain fresh access and, optionally, refresh tokens based on existing grants if they re-issue an authorization request, reference an existing grant and follow the rest of the authorization code flow.
The following use case is outlined in the grant management spec but, for me, it is unclear how one would obtain new tokens for an existing `grant_id`. The parameter `grant_management_action` has the following options: `create`, `merge`, `replace`. Is the use case above achieved by not specifying a `grant_management_action` and only passing a `grant_id`?
Also, would the client application be required to pass the same scopes and `authorization_details` to the `/authorize` endpoint in order to retrieve new tokens for an existing grant, or would they need to pass those parameters if the intent is just to retrieve new tokens?
Just to provide a bit of context on my request. We are thinking about the use case where refresh tokens have expired even though the grant may not have expired (assuming there is some sort of grant/consent expiration). It would also be nice to have some guidance on when to show the consent acceptance screen in this use case, although `OAuth` provides no such guidance. I know IDPs have implemented parameters like `prompt`.
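As an added illustration of the parameters the issue above discusses (not code from the thread, the FAPI working group or the Grant Management spec), the following Python shows a client-side builder for an authorization request that references an existing `grant_id`, and a server-side check that classifies such a request before the rest of the authorization code flow proceeds. Only the parameter names and the three action values `create`, `merge`, `replace` come from the thread; the validation policy (which combinations are rejected, that a bare `grant_id` is read as "re-issue tokens for an existing grant", the `invalid_grant_id` error name, and the grant store `GRANTS`) is this example's own assumption. The point a defender would want is the ownership check: a `grant_id` presented by one client must never resolve to a grant issued to another.

```python
from urllib.parse import urlencode, parse_qs

# Values named in the thread (from the Grant Management spec).
GRANT_MANAGEMENT_ACTIONS = {"create", "merge", "replace"}

# Constructed grant store for this example: grant_id -> owning client and granted scopes.
GRANTS = {
    "grant-123": {"client_id": "client-a", "scope": {"openid", "accounts"}},
}


def build_authorization_url(authorize_endpoint, client_id, redirect_uri, scope, state,
                            grant_id=None, grant_management_action=None):
    """Client side: build the /authorize URL for an authorization code request,
    optionally referencing an existing grant and/or naming a grant management action."""
    if grant_management_action is not None and grant_management_action not in GRANT_MANAGEMENT_ACTIONS:
        raise ValueError(f"unknown grant_management_action: {grant_management_action}")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    if grant_id is not None:
        params["grant_id"] = grant_id
    if grant_management_action is not None:
        params["grant_management_action"] = grant_management_action
    return f"{authorize_endpoint}?{urlencode(params)}"


def classify_request(query, client_id, grants=GRANTS):
    """Server side: validate the grant management parameters of an incoming
    authorization request and report which case it is.

    Returns (outcome, detail). Outcomes: "new_grant", "reissue_existing", "merge",
    "replace", or "error" with an error code as the detail.
    Policy (this example's assumption, not spec text): merge/replace need a grant_id,
    create must not carry one, a grant_id with no action means "re-issue tokens for an
    existing grant", and any referenced grant must belong to the requesting client."""
    params = parse_qs(query)
    action = params.get("grant_management_action", [None])[0]
    grant_id = params.get("grant_id", [None])[0]

    if action is not None and action not in GRANT_MANAGEMENT_ACTIONS:
        return ("error", "invalid_request")
    if action in ("merge", "replace") and grant_id is None:
        return ("error", "invalid_request")
    if action == "create" and grant_id is not None:
        return ("error", "invalid_request")
    if grant_id is None:
        # Covers both an explicit "create" and a request with no grant parameters at all.
        return ("new_grant", None)

    grant = grants.get(grant_id)
    if grant is None or grant["client_id"] != client_id:
        # Unknown grant, or one issued to another client: refuse without revealing which.
        # The error name is assumed for this example.
        return ("error", "invalid_grant_id")
    if action is None:
        return ("reissue_existing", grant_id)
    return (action, grant_id)


if __name__ == "__main__":
    url = build_authorization_url("https://as.example/authorize", "client-a",
                                  "https://app.example/cb", "openid accounts", "st-1",
                                  grant_id="grant-123")
    print(url)
    print(classify_request(url.split("?", 1)[1], "client-a"))
```

The same incoming query string is rejected when a different `client_id` presents it, which is the case an authorization server must cover before honouring a request that names an existing grant.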