It's a hint to the client of when the token will probably expire. There was a
lot of discussion on what the right way to go was and there were several
"camps" on the right strategy choice would be, but in the end a very simple
solution was chosen. Most folks agreed that having more than one way to go was
not worth the complexity, so this single one was picked.
________________________________
From: Jérôme LELEU <lel...@gmail.com>
To: oauth@ietf.org
Sent: Sunday, August 19, 2012 1:25 AM
Subject: [OAUTH-WG] Access token timeout
Hi,
I might be misunderstanding the OAuth 2.0 spec (part 5.1, "expires_in"
property), but I understand that the timeout of the access token is a hard one
(amount of time between creation and expiration).
Am I right ?
Can we have a multiple use timeout ? A sliding window timeout ? Or a
combination of all ?
Thanks.
Best regards,
Jérôme
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
