Sure, this seems sensible, especially with the *optional* part.
On Apr 15, 2010, at 3:22 PM, David Recordon wrote:
+1, remember discussing this a week or so ago on the list
On Thu, Apr 15, 2010 at 12:12 PM, Eran Hammer-Lahav <e...@hueniverse.com
> wrote:
Not all the flows return a refresh token for security or practicality
reasons. Adding refresh token as optional in all access token
requests is
required to enable upgrading a token to a token with secret. It
also can
make the spec slightly shorter by not having to repeat all the
parameters.
We need to either add it to every token response or allow the
client to
request a secret directly without having to refresh the token.
Proposal: Keep bearer tokens as the default first-issued credential
and add
an optional refresh token everywhere.
EHL
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
