I like your draft in general, but
10.1.3. Access Tokens
Access tokens are shorter-lived versions of refresh tokens.
Doesn't work for me. Access tokens are credentials used to access protected
resources. Refresh
tokens are credentials used to obtain access tokens.
-bill
________________________________
From: Brian Eaton <bea...@google.com>
To: Eran Hammer-Lahav <e...@hueniverse.com>
Cc: OAuth WG <oauth@ietf.org>
Sent: Wednesday, June 15, 2011 11:32 AM
Subject: Re: [OAUTH-WG] Refresh tokens
On Wed, Jun 15, 2011 at 10:30 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
I would like to add a quick discussion of access token and refresh token
recommended deployment setup, providing clear guidelines when a refresh token
SHOULD and SHOULD NOT be issued, and when issues, how it is difference from the
access token.
Is this a start?
http://www.ietf.org/mail-archive/web/oauth/current/msg06362.html
It’s time we stop trying to accommodate every possible combination and make
some hard choices.
+1. Yes please.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth