Hi Bart, I think this would be a truly RESTful approach. The group discussed this topic several months ago and consensus was to use another endpoint for token revocation (== deletion). Pls. take a look onto http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-02.
regards, Torsten. Von: Bart Wiegmans [mailto:b...@all4students.nl] Gesendet: Dienstag, 29. November 2011 11:32 An: oauth WG Betreff: [OAUTH-WG] delete access tokens? Hello everybody, again. This is just me pushing a random idea, but what if you specified that clients could ask for access token invalidation by making a DELETE request to the token endpoint? Bart Wiegmans
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
