Right now most of the flows return the same parameters (access token, expiration, refresh token). A few do not return a refresh token. When we add signatures, we will need to add token secret and algorithm type.
I know there are good reasons why certain flows do not return a refresh token but instead rely on the client repeating the request. However, there is a lot of value in simplicity and consistency in making every request return the same parameters. It will also allow specifying it one time instead of over and over again. Thoughts? EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth