I have read through most of the OAuth 2.0 specs and I cannot find any reference to what's inside an access token. Is this because the actual content is vendor specific? Or is there a standard mechanism for signing tokens with a expiry date and such like?
Thanks, Jørn Wildt -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.