Yes, this is useful and on my list of changes to apply. But I would like to start with a more basic, normative definition of what a refresh token is for. Right now, we have a very vague definition for it, and it is not clear how developers should use it alongside access tokens.
EHL From: Brian Eaton [mailto:bea...@google.com] Sent: Wednesday, June 15, 2011 11:33 AM To: Eran Hammer-Lahav Cc: OAuth WG Subject: Re: [OAUTH-WG] Refresh tokens On Wed, Jun 15, 2011 at 10:30 AM, Eran Hammer-Lahav <e...@hueniverse.com<mailto:e...@hueniverse.com>> wrote: I would like to add a quick discussion of access token and refresh token recommended deployment setup, providing clear guidelines when a refresh token SHOULD and SHOULD NOT be issued, and when issues, how it is difference from the access token. Is this a start? http://www.ietf.org/mail-archive/web/oauth/current/msg06362.html It's time we stop trying to accommodate every possible combination and make some hard choices. +1. Yes please.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
