When and why would I use the "refresh" forms of the AuthenticationContext acquireToken methods, vs. just calling the initial forms with the same credentials again?
Asked
Active
Viewed 367 times
1 Answers
0
I guess one answer would be that a refresh token can last a lot longer:
Access Tokens are short-lived and must be refreshed after they expire to continue accessing resources. You can refresh the access_token by submitting another POST request to the /token endpoint, but this time providing the refresh_token instead of the code.
Refresh tokens do not have specified lifetimes. Typically, the lifetimes of refresh tokens are relatively long. However, in some cases, refresh tokens expire, are revoked, or lack sufficient privileges for the desired action. Your application needs to expect and handle errors returned by the token issuance endpoint correctly.
dbreaux
- 4,982
- 1
- 25
- 64