This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Offline_access
Offline_access

Version management

Difference between version and

At line 1 added 17 lines
!!! Overview
[{$pagename}] is defined in [OpenID Connect] as an [OAuth Scope] value to request offline access:
''[{$pagename}] - [OPTIONAL] This scope value requests that an [OAuth 2.0] [Refresh Token] be issued that can be used to obtain an [Access Token] that grants access to the [End-User]'s [userinfo_endpoint] even when the End-User is not present (not logged in).''
When [{$pagename}] is requested, a prompt parameter value of [consent] [MUST] be used unless other conditions for processing the request permitting offline access to the requested [resources] are in place. The [OpenID Connect Provider] [MUST] always obtain [consent] to returning a [Refresh Token] that enables [{$pagename}] to the requested [resources]. A previously saved user [consent] is __not always sufficient__ to grant [{$pagename}].
Upon receipt of a scope parameter containing the [{$pagename}] value, the Authorization Server:
* [MUST] ensure that the [Prompt Parameter] contains [consent] unless other conditions for processing the request permitting offline access to the requested resources are in place; unless one or both of these conditions are fulfilled, then it [MUST] ignore the [{$pagename}] request,
* [MUST] ignore the [{$pagename}] request unless the [Client] is using a [response_type] value that would result in an [Authorization Code] being returned,
* [MUST] explicitly receive or have [consent] for all [Clients] when the registered [application_type] is [web],
* SHOULD explicitly receive or have [consent] for all [Clients] when the registered [application_type] is [Native application].
The use of [Refresh Tokens] is not exclusive to the [{$pagename}] use case. The [Authorization Server] [MAY] grant [Refresh Tokens] in other [contexts] that are beyond the scope of [OpenID.Core].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop