Upon receiving the HTTP 401 response when accessing protected resource
per §4, the Client makes an HTTPS request to the Authorization
Server's Refresh Token URL using POST. The request contains the
REQUIRED. The Client Identifier
REQUIRED. The Client Secret
REQUIRED. The Refresh Token that was received in 5.3.4
Was this meant to be a server to server call or the clients browser
posting to the providers server?
This is intended to be a server to server call. The wrap_client_secret is
used to authenticate the client, which makes it unsafe to send to the user's
Hope that helps
On 3/3/10 12:28 AM, "Jason Hullinger" <sshj...@gmail.com> wrote:
> 5.4.8 of the spec regarding refreshing the access toke (http://oauth-
You received this message because you are subscribed to the Google Groups "OAuth WRAP WG" group.
To post to this group, send email to oauth-...@googlegroups.com.
To unsubscribe from this group, send email to oauth-wrap-w...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/oauth-wrap-wg?hl=en.