Any plan to introduce the `refresh_token` scheme? #1441

retzero · 2024-12-05T02:58:49Z

retzero
Dec 5, 2024

First Check

I added a very descriptive title here.
I used the GitHub search to find a similar question and didn't find it.
I searched in the documentation/README.
I already searched in Google "How to do X" and didn't find any information.
I already read and followed all the tutorial in the docs/README and didn't find an answer.

Commit to Help

I commit to help with one of those options 👆

Example Code

No.

Description

When the access_token expires, the user encounters 403 error.
Do you have plan to introduce refresh_token scenario also?

Operating System

Linux

Operating System Details

Ubuntu 22.04

Python Version

3.10.12

Additional Context

No response

Answered by tiangolo

Feb 27, 2025

A refresh token wouldn't add any extra security as the final public client would be the same one that gets access to it. A refresh token would make more sense in other OAuth2 flows, like a code flow, where a secure backend can hold the refresh token.

View full answer

tiangolo · 2025-02-27T21:34:03Z

tiangolo
Feb 27, 2025
Maintainer

A refresh token wouldn't add any extra security as the final public client would be the same one that gets access to it. A refresh token would make more sense in other OAuth2 flows, like a code flow, where a secure backend can hold the refresh token.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Any plan to introduce the `refresh_token` scheme? #1441

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Any plan to introduce the refresh_token scheme? #1441

retzero Dec 5, 2024

First Check

Commit to Help

Example Code

Description

Operating System

Operating System Details

Python Version

Additional Context

Replies: 1 comment

tiangolo Feb 27, 2025 Maintainer

Any plan to introduce the `refresh_token` scheme? #1441

retzero
Dec 5, 2024

tiangolo
Feb 27, 2025
Maintainer