Re: [OAUTH-WG] Refresh tokens

William J. Mills Wed, 15 Jun 2011 13:25:16 -0700

I like your draft in general, but


     10.1.3. Access Tokens

     Access tokens are shorter-lived versions of refresh tokens.

Doesn't work for me.  Access tokens are credentials used to access protected 
resources.  Refresh 
tokens are credentials used to obtain access tokens.

-bill



________________________________
From: Brian Eaton <bea...@google.com>
To: Eran Hammer-Lahav <e...@hueniverse.com>
Cc: OAuth WG <oauth@ietf.org>
Sent: Wednesday, June 15, 2011 11:32 AM
Subject: Re: [OAUTH-WG] Refresh tokens


On Wed, Jun 15, 2011 at 10:30 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:

I would like to add a quick discussion of access token and refresh token 
recommended deployment setup, providing clear guidelines when a refresh token 
SHOULD and SHOULD NOT be issued, and when issues, how it is difference from the 
access token.

Is this a start?

http://www.ietf.org/mail-archive/web/oauth/current/msg06362.html
  
It’s time we stop trying to accommodate every possible combination and make 
some hard choices.

+1.  Yes please.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Refresh tokens

Reply via email to