Hi,

Thank you for your help so far. I've now had the opportunity to use this further and have some questions regarding implementation.

The `refresh_token`, while designed as a "long lived token", invalidates itself when used to generate an access token. The response includes a new refresh token along with the access token. That behaviour is an optional part of the OAuth2 spec, and it is one that causes a problem for working with distributed agents, because the refresh token has to be coordinated across any machines that need to generate access tokens.

It would be helpful if there were the ability to only regenerate the refresh_token on a long-lived basis, and not every time an access token is generated. This would allow each agent to use the (securely stored) refresh token without needing cross-machine coordination, except that which naturally happens over a much longer timescale.

Are there any plans to support any other grant types for easier trusted machine<->machine communication, such as client credentials grant?

Kind regards,
Richard
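The coordination problem described in the post above, as an added example that is not part of the original post and not the provider's API: a constructed in-memory token endpoint rotates the refresh token on every use, so agents holding independent copies fail after the first refresh, while agents sharing one lock-protected copy succeed. `RotatingAuthServer`, `SharedTokenStore` and the function names are hypothetical, and the in-process lock stands in for whatever shared secret store real machines would use.

```python
import secrets
import threading

class RotatingAuthServer:
    """Constructed stand-in for a token endpoint that rotates refresh tokens on every use."""
    def __init__(self):
        self._valid = set()

    def issue_initial(self):
        rt = secrets.token_urlsafe(16)
        self._valid.add(rt)
        return rt

    def refresh(self, refresh_token):
        if refresh_token not in self._valid:
            raise PermissionError("invalid_grant")
        self._valid.discard(refresh_token)      # the old token is single-use
        new_rt = secrets.token_urlsafe(16)
        self._valid.add(new_rt)
        return {"access_token": secrets.token_urlsafe(16), "refresh_token": new_rt}

class SharedTokenStore:
    """Hypothetical coordination point: one copy of the current refresh token behind a lock."""
    def __init__(self, server, refresh_token):
        self._server, self._rt = server, refresh_token
        self._lock = threading.Lock()

    def get_access_token(self):
        with self._lock:                        # refresh and store the new token atomically
            resp = self._server.refresh(self._rt)
            self._rt = resp["refresh_token"]
            return resp["access_token"]

def uncoordinated_agents(server, n=3):
    """Each agent uses its own copy of the same refresh token; returns per-agent outcomes."""
    rt = server.issue_initial()
    outcomes = []
    for _ in range(n):
        try:
            server.refresh(rt)
            outcomes.append("ok")
        except PermissionError as exc:
            outcomes.append(str(exc))
    return outcomes

def coordinated_agents(server, n=3):
    """Agents run concurrently but go through the shared store; returns their access tokens."""
    store = SharedTokenStore(server, server.issue_initial())
    tokens = []
    threads = [threading.Thread(target=lambda: tokens.append(store.get_access_token()))
               for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return tokens
```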