Re: [OAUTH-WG] Detecting revoked token in OAuth 2.0 client libraries

to determine token invalidity. With kind regards, Bart Wiegmans -Oorspronkelijk bericht- Van: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] Namens Andreas Åkre Solberg Verzonden: maandag 9 januari 2012 9:41 Aan: oauth@ietf.org Onderwerp: [OAUTH-WG] Detecting revoked token in

Re: [OAUTH-WG] Mandatory-to-implement token type

Just chipping in: I'd think [X and/or Y] should be Bearer and MAC, respectively. Between them I think they can cover a lot of use cases. Regards, Bart -Oorspronkelijk bericht- Van: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] Namens Stephen Farrell Verzonden: vrijdag 2 december 2

[OAUTH-WG] delete access tokens?

Hello everybody, again. This is just me pushing a random idea, but what if you specified that clients could ask for access token invalidation by making a DELETE request to the token endpoint? Bart Wiegmans ___ OAuth mailing list OAuth

Re: [OAUTH-WG] Refresh tokens

I forgot the following question: 5. If refresh taken are just another way of requesting access tokens, I believe they should be specified in section 4, with other grant types. But there must be a reason for the way it is now, so why? With kind regards, Bart Wiegmans | Developer

[OAUTH-WG] Refresh tokens

Hello everybody, This is my first post on this mailing list, so I will introduce myself. My name is Bart Wiegmans, I work in Groningen, the Netherlands. I am involved with OAuth2 because I am implementing an authorization server for my employer, all4students / studenten.net. I have few remarks