Offline_access

Overview

Offline_access is an OAuth Scope value defined in OpenID Connect to request offline access. In a request, the scope value is the lowercase, case-sensitive string offline_access:

Offline_access - OPTIONAL. This scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token that grants access to the End-User's userinfo_endpoint even when the End-User is not present (not logged in).

When Offline_access is requested, a prompt parameter value of consent MUST be used unless other conditions for processing the request permitting offline access to the requested resources are in place. The OpenID Connect Provider MUST always obtain consent to returning a Refresh Token that enables Offline_access to the requested resources. A previously saved user consent is not always sufficient to grant Offline_access.

Upon receipt of a scope parameter containing the Offline_access value, the Authorization Server:

The use of Refresh Tokens is not exclusive to the Offline_access use case. The Authorization Server MAY grant Refresh Tokens in other contexts that are beyond the scope of OpenID.Core.
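The prompt=consent and consent requirements above, sketched as a check an OpenID Connect Provider could run on an incoming authorization request. This is an added example, not code from OpenID.Core or from any particular provider. The function name, its two boolean parameters and the sample URLs are hypothetical. Dropping the scope when the requirement is not met, and requiring consent given during the current request, are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

OFFLINE_SCOPE = "offline_access"  # literal, case-sensitive scope value

# Constructed sample requests (op.example and client1 are placeholders).
REQ_WITH_CONSENT = ("https://op.example/authorize?response_type=code"
                    "&client_id=client1&scope=openid+offline_access"
                    "&prompt=login+consent")
REQ_NO_PROMPT = ("https://op.example/authorize?response_type=code"
                 "&client_id=client1&scope=openid+offline_access")
REQ_WRONG_CASE = ("https://op.example/authorize?response_type=code"
                  "&client_id=client1&scope=openid+Offline_access"
                  "&prompt=consent")


def offline_access_decision(auth_request_url, fresh_consent_given,
                            other_conditions_in_place=False):
    """Return (effective_scopes, may_issue_refresh_token) for one request.

    fresh_consent_given: the End-User approved on the consent screen during
    this request (assumption: saved consent is treated as insufficient).
    other_conditions_in_place: hypothetical policy flag standing in for the
    "other conditions ... permitting offline access" exception.
    """
    query = parse_qs(urlsplit(auth_request_url).query)
    # scope and prompt are space-delimited lists; parse_qs decodes '+' to ' '.
    scopes = query.get("scope", [""])[0].split()
    prompts = query.get("prompt", [""])[0].split()

    if OFFLINE_SCOPE not in scopes:
        # Exact match only: "Offline_access" is a different, unknown scope.
        return scopes, False

    without_offline = [s for s in scopes if s != OFFLINE_SCOPE]
    if "consent" not in prompts and not other_conditions_in_place:
        # prompt=consent requirement not met: ignore the offline request.
        return without_offline, False
    if not fresh_consent_given:
        # No Refresh Token for offline access without obtained consent.
        return without_offline, False
    return scopes, True
```
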
