Re: [OAUTH-WG] OAuth 2.0 Token Introspection in RFC7662 : Refresh token?

oken’s expiry? Can’t they > just use the refresh token and see? Either way it’s a single round trip to > the AS and the client gets the same answer with the same recovery code path. > > — Justin > > On Mar 4, 2020, at 2:01 PM, Bill Jung < > bjung=40pingidentity@dmarc.ietf

Re: [OAUTH-WG] OAuth 2.0 Token Introspection in RFC7662 : Refresh token?

ccess Token introspection to RS only. But then is that the right thing to do even? Surely some clarification will eliminate the time spent on unnecessary discussion among developers. <https://www.pingidentity.com>[image: Ping Identity] <https://www.pingidentity.com> Bill Jung

Re: [OAUTH-WG] OAuth 2.0 Token Introspection in RFC7662 : Refresh token?

Yes, actually the term "protected resource" is awkward. It is the resource server's jog to introspect tokens to protect those protected resources. <https://www.pingidentity.com>[image: Ping Identity] <https://www.pingidentity.com> Bill Jung Manager, Response Engineeri

[OAUTH-WG] OAuth 2.0 Token Introspection in RFC7662 : Refresh token?

oken" value returned from the token endpointas defined in OAuth 2.0 [RFC6749], Section 5.1."* So looks like a refresh token is allowed for this endpoint. <https://www.pingidentity.com>[image: Ping Identity] <https://www.pingidentity.com> Bill Jung Manager, Response Engineeri