I just submitted the first version of my I-D for token revocation.
Link: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/
The I-D proposes an additional endpoint, which can be used to revoke
both refresh and access tokens. The objective is to enhance OAuth
security by giving clients and users explicit control of the
finalization of the token life cycle, e.g. to implement application
logout or access authorization removal.
Please take the time to review the document (2 pages, essentially) and
give me feedback. My goal is that this draft becomes a working group
document.
regards,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth