Specifically, the DELETE method was rejected as tokens aren't necessarily directly URL-addressable from the token endpoint. Shoehorning that requirement in order to make it feel more RESTful was more of a hack than a few folks (myself included) really wanted to make.

 -- Justin

On 11/29/2011 08:08 AM, Lodderstedt, Torsten wrote:

Hi Bart,

I think this would be a truly RESTful approach. The group discussed this topic several months ago and consensus was to use another endpoint for token revocation (== deletion). Pls. take a look at http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-02.

regards,

Torsten.

*From:* Bart Wiegmans [mailto:b...@all4students.nl]
*Sent:* Tuesday, 29 November 2011 11:32
*To:* oauth WG
*Subject:* [OAUTH-WG] delete access tokens?

Hello everybody, again.

This is just me pushing a random idea, but what if you specified that clients could ask for access token invalidation by making a DELETE request to the token endpoint?

Bart Wiegmans



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
