+1 for adoption
Hutch
On Tue, Jul 25, 2017 at 2:32 PM, William Denniss
wrote:
> I support adoption of this document by the working group.
>
> On Tue, Jul 25, 2017 at 11:03 AM, Jim Willeke wrote:
>
>> +1 for adoption
>>
>> --
>> -jim
>> Jim Willeke
>>
>> On Thu, Jul 20, 2017 at 8:37 AM, Rifaa
In OAuth, the audience for the token is the resource server and not the client.
OAuth delegates a client to act for a user. OIDC issues an ID token whose
audience is the client.
Assuming OAuth...
The life of the token is dependent on the risk at the resource.
Refresh token lets the client do
+1 for adoption
--
-jim
Jim Willeke
On Thu, Jul 20, 2017 at 8:37 AM, Rifaat Shekh-Yusef
wrote:
> All,
>
> We would like to get a confirmation on the mailing list for the adoption
> of the *JSON Web Token Best Current Practices* as a WG document
> https://datatracker.ietf.org/doc/draft-sheffer-o
Hello,
Depending on what is meant by “scenario to be supported from the authorization
server (platform) itself and not in the client app or resource server”, it may
be difficult (or impossible) to achieve.
In the end, the resource server only applies token lifetime policy *if it
decides to d
Max-age has to do with user re-auth in connect.
Some AS only give refresh tokens if a scope of offline_access or some such
special scope is requested.
There is no standard scope for that.
I don’t know of any way for the client to control the lifetime of the access
token other than by revoking it
For browser apps, implicit flow provides an access token but no refresh
token. For non-browser apps only client credentials grant doesn't
supply a refresh token. As for token access times, I believe only
extensions to OAuth define those types of capabilities. i.e. OpenID
Connect defines a "m
Hi All,
We have a scenario where one of our stakeholders wants to mandatorily
initiate the authentication at a certain point of time.
As per
https://www.oauth.com/oauth2-servers/access-tokens/access-token-lifetime/
there can be an option where access token is set for a certain time and
refresh token i
+1 to have the JWT BCP doc adopted
Vladimir
On 21/07/17 08:07, Brian Campbell wrote:
> +1 for adoption
>
> On Thu, Jul 20, 2017 at 8:47 PM, Phil Hunt (IDM)
> wrote:
>
>> +1 adoption
>>
>> Phil
>>
>> On Jul 20, 2017, at 11:26 AM, John Bradley wrote:
>>
>> I support adoption
>>
>> On Jul 20, 201