Hi all, Currently, I am working on a proof of concept to implement Personal Access Tokens (PAT) as a OAuth2 custom grant type because of the similarities between OAuth2 and Personal Access Tokens (PAT).
Since the PATs are created, managed and used by users, there is a requirement of listing the token metadata such as validity period, creation date, alias and description (the last two attributes are unique to PATs and part of the custom grant) in order to be viewed by the users (PAT owner). The main limitation that I came across using a custom grant is that even though the PATs have this listing requirement, there aren't any token metadata listing related information in specifications in OAuth2. I would like to know if anyone has seen this (listing token metadata) as a common use case in OAuth2 and a standard way of doing it had been proposed before? Thank You. Kind Regards, Dhaura Pathirana
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
