Hi all, I have written up a draft for expiring refresh tokens, including both expiration from time-limited user consent as well as expiration due to enforced RT rotation deadline.
https://datatracker.ietf.org/doc/draft-watson-oauth-refresh-token-expiration/ Have a look and let me know what you think. - Nick
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
