I live in this world and have given talks on OAuth at conferences explaining the refresh grant. But I felt the author gave a great explanation of the reason for using this grant instead of long-lived access tokens.
Even tokens bound to the client by tools like DPoP would be better served using this grant.
As an aside, the quote "there are a number of incremental improvements that add up towards making it the overall superior design" is one of the reasons that using standards is so important. By pulling in viewpoints from all across the spectrum of users and uses, you can end up with incremental improvements that lead to a qualitatively better solution.
It's the same way code review can help a dev build better, even if it is slower.