FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Refresh token permissions

    Scheduled Pinned Locked Moved
    Q&A
    refresh token login-api oauth
    1
    2
    2.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      I'm confused about the API and refresh token permissions. Can you explain more?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        There are two “worlds”, OAuth, and API only.

        API world (JSON in body, proprietary to FusionAuth):

        • Application > Security > Login API Settings > Generate Refresh Tokens (Generate a a refresh token when using the Login API)
        • Application > Security > Login API Settings > Enable JWT refresh (Allow a JWT to be refreshed using the /api/jwt/refresh API)

        OAuth world (form params, in body and in request, standardized):

        • Application > OAuth > Generate Refresh Tokens (Generate a refresh token if offline_access scope was requested)
        • Application > OAuth > Enabled Grants > Refresh Token (Allow a JWT to be refreshed using an refresh token) (edited)

        If you are living in the OAuth world, then you can disable the API access, and just use the OAuth configuration. And vice versa.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post