Refresh tokens are used to create additional access tokens. A refresh token is returned with the access token when exchanging an authorization code as part of the three-legged OAuth process, and it can be used as long as the access token is still active.
These new access tokens can have the same expiration and scopes as the original access token, or can be specified to have a shorter lifespan and a smaller subset of scopes than the original access token. New access tokens can be generated to replace the original token or to serve as an additional token. You can also use refresh token calls to permanently expire the original access and refresh tokens and any permissions granted by the user.
We recommend using refresh tokens in the following situations:
- Replacing access tokens that may have been compromised (be sure to revoke the original access token); or
- Providing a third party that is also part of your ORCID integration with more limited access and/or access for a limited time.
How do I revoke tokens?
Use your client ID, secret, and either the active token or its associated refresh token to revoke the token pair. You can revoke token pairs in both the two-legged and three-legged OAuth processes.
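The sketch below is an added example, not code from this page or from ORCID: it builds the two form-encoded requests described above (a refresh call that narrows scopes, and a revocation call for the token pair), refuses any scope the original grant did not carry, and masks secrets before logging. The endpoint URLs are placeholders, the field names follow the standard OAuth refresh grant (RFC 6749) and token revocation (RFC 7009), and all credentials and scope values are constructed samples.

```python
from urllib.parse import parse_qsl, urlencode

# Placeholder endpoints (assumptions): use the URLs your provider documents.
TOKEN_URL = "https://auth.example.org/oauth/token"
REVOKE_URL = "https://auth.example.org/oauth/revoke"
SECRET_FIELDS = {"client_secret", "refresh_token", "token"}


def narrowed_refresh_request(client_id, client_secret, refresh_token,
                             original_scopes, requested_scopes):
    """Build a refresh_token grant asking for a subset of the original scopes."""
    original, requested = set(original_scopes), set(requested_scopes)
    if not requested:
        raise ValueError("request at least one scope")
    extra = requested - original
    if extra:
        # A refresh may narrow the grant but must never widen it.
        raise ValueError(f"not in original grant: {sorted(extra)}")
    body = {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(sorted(requested)),
    }
    return TOKEN_URL, urlencode(body)


def revoke_request(client_id, client_secret, token):
    """Build a revocation call; token is the access token or its refresh token."""
    body = {"client_id": client_id, "client_secret": client_secret, "token": token}
    return REVOKE_URL, urlencode(body)


def redact(form_body):
    """Mask credential fields so the request body can be written to logs."""
    return urlencode([(k, "REDACTED" if k in SECRET_FIELDS else v)
                      for k, v in parse_qsl(form_body)])


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    granted = ["/read-limited", "/activities/update"]
    url, body = narrowed_refresh_request(
        "APP-SAMPLE", "s3cret", "rt-sample", granted, ["/read-limited"])
    print("POST", url, redact(body))
    url, body = revoke_request("APP-SAMPLE", "s3cret", "rt-sample")
    print("POST", url, redact(body))
```

When replacing a token that may have been compromised, send the revocation call for the old pair as well as the refresh call, as the first bullet above says.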