annabarh Thank you for the great article! I have one question re refresh tokens:
According to https://learn.microsoft.com/en-us/entra/identity-platform/refresh-tokens: "When a client acquires an access token to access a protected resource, the client also receives a refresh token. The refresh token is used to obtain new access and refresh token pairs when the current access token expires.
Refresh tokens are also used to acquire extra access tokens for other resources. Refresh tokens are bound to a combination of user and client, but aren't tied to a resource or tenant. A client can use a refresh token to acquire access tokens across any combination of resource and tenant where it has permission to do so. Refresh tokens are encrypted and only the Microsoft identity platform can read them."
In this article's diagram above (yellow square) it is mentioned that "Refresh Tokens [are] renewable and long-living artifacts to maintain sign-in state for a specific app. Used to acquire other artifacts for that app."
My question is: are refresh tokens bound to a specific app, or can they be used to get access tokens for any app? Is the difference because of how Entra ID treats refresh tokens?
P.S. The RSA talk referenced above also compares refresh tokens with a "season pass" which can be exchanged for a token (access token) to any ride (app/resource).
Thank you in advance!!!!
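The binding the question turns on (refresh token tied to a user and a client, but not to a resource, and a refreshed token pair replacing the old one) can be made concrete with a toy token endpoint. The following is an added example, not code from the article, from Entra ID, or from the commenter; it models the semantics quoted from the Microsoft documentation with an in-memory store and HMAC-signed access tokens. The resource names (`api://mail`, `api://calendar`), client ids and the HMAC key are constructed placeholders, and the real platform encrypts refresh tokens rather than storing opaque handles as done here.

```python
"""Toy OAuth 2.0 token endpoint modelling refresh-token binding.

Assumptions of this constructed example (not Entra ID's implementation):
- a refresh token is an opaque handle bound to (user, client_id);
- it is NOT bound to a resource, so one handle can mint access tokens
  whose `aud` is any resource the client is allowed to request;
- a different client presenting the same handle is refused;
- every refresh rotates the handle and revokes the old one.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthServer:
    def __init__(self, hmac_key: bytes) -> None:
        self._key = hmac_key
        # refresh handle -> {"user", "client_id", "revoked"}
        self._refresh_tokens: dict[str, dict] = {}

    def _sign(self, claims: dict) -> str:
        body = _b64url(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64url(sig)}"

    def _issue_access_token(self, user: str, client_id: str, resource: str, ttl: int = 3600) -> str:
        now = int(time.time())
        # `aud` pins the access token to one resource; `appid` records the client.
        return self._sign({"sub": user, "appid": client_id, "aud": resource,
                           "iat": now, "exp": now + ttl})

    def _issue_refresh_token(self, user: str, client_id: str) -> str:
        handle = secrets.token_urlsafe(32)
        self._refresh_tokens[handle] = {"user": user, "client_id": client_id, "revoked": False}
        return handle

    def login(self, user: str, client_id: str, resource: str) -> dict:
        """Initial sign-in: access token for `resource` plus a refresh token bound to (user, client)."""
        return {"access_token": self._issue_access_token(user, client_id, resource),
                "refresh_token": self._issue_refresh_token(user, client_id)}

    def refresh(self, refresh_token: str, client_id: str, resource: str) -> dict:
        """refresh_token grant: same client may request any resource; old handle is rotated out."""
        rec = self._refresh_tokens.get(refresh_token)
        if rec is None or rec["revoked"]:
            raise PermissionError("invalid_grant: unknown or revoked refresh token")
        if rec["client_id"] != client_id:
            # The binding from the docs: user+client, so another app cannot redeem it.
            raise PermissionError("invalid_grant: refresh token is bound to a different client")
        rec["revoked"] = True  # rotation: a replayed old handle is now detectable
        return {"access_token": self._issue_access_token(rec["user"], client_id, resource),
                "refresh_token": self._issue_refresh_token(rec["user"], client_id)}

    def verify_access_token(self, token: str, expected_resource: str) -> dict:
        """Resource-side check: signature, expiry and audience must all hold."""
        body, sig = token.split(".")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url_decode(sig), expected):
            raise PermissionError("invalid_token: bad signature")
        claims = json.loads(_b64url_decode(body))
        if claims["exp"] < int(time.time()):
            raise PermissionError("invalid_token: expired")
        if claims["aud"] != expected_resource:
            raise PermissionError("invalid_token: audience mismatch")
        return claims


if __name__ == "__main__":
    srv = AuthServer(b"constructed-demo-key")
    first = srv.login("alice", "client-A", "api://mail")
    second = srv.refresh(first["refresh_token"], "client-A", "api://calendar")
    print(srv.verify_access_token(second["access_token"], "api://calendar"))
```

The model shows both halves of the answer the documentation gives: `refresh` succeeds for `client-A` against a resource it never logged in to, while the same handle is refused for `client-B`, and the access token that comes back is still audience-restricted to one resource. From a defender's point of view the rotation step matters as much as the binding: because the old handle is revoked on use, a replayed refresh token surfaces as an `invalid_grant` error that is worth alerting on.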