leastprivilege.com
Adding Refresh Tokens to a Web API v2 Authorization Server
In the last post I showed how to add a simple username/password (aka resource owner password credentials flow) authorization server to Web API v2. This has several advantages: The client does not n…