Closed
Description
An AccessToken
lives longer than an Authentication
. For example, a user's authenticated session may last for an hour, whereas the AccessToken
associated with the user and AuthorizedClient
may last a day.
We should remove this association and start leveraging SecurityTokenRepository<AccessToken>
when the AuthorizedClient
needs the AccessToken
to make a protected resource call.