I am sorry if this was already discussed in this list.. Looking at [1] it only talks about revoking the access token from the client.
How about the resource owner..? There can be cases where resource owner needs to revoke an authorized access token from a given client. Or revoke an scope.. How are we going to address these requirements..? Thoughts appreciated... [1] http://tools.ietf.org/html/draft-ietf-oauth-revocation-04 -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
