Hello everyone.
My use case is as follows.
- request refresh token using client credentials. Returns refresh token
- Use refresh token(without client credentials) to obtain access token.
From what I read: To validate a refresh token I need client credentials. That defeats my propose of not exposing the client credentials on every token generation.
Is there a way to implement my requirments?
Thank you
LinkedIn
Twitter
