Developing Applications for Cisco Webex and Webex Devices (DEVWBX) — Question 13

Which two statements about Webex Teams refresh tokens are true? (Choose two.)

Answer options

• A. The refresh token is useless without the client ID and client secret.
• B. An attacker can use the refresh token to send messages on behalf of the user.
• C. The refresh token is used to generate a new access token.
• D. A new refresh token cannot be granted until the client ID is invalidated.
• E. The refresh token does not expire.

Correct answer: A, C

Explanation

Option A is correct because a refresh token needs both the client ID and client secret to be functional. Option C is also correct as the primary purpose of a refresh token is to generate a new access token. The other options are incorrect because a refresh token can expire, it can't be used to send messages directly, and it can be granted under certain conditions without needing to invalidate the client ID.