+1, remember discussing this a week or so ago on the list
On Thu, Apr 15, 2010 at 12:12 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > Not all the flows return a refresh token for security or practicality > reasons. Adding refresh token as optional in all access token requests is > required to enable upgrading a token to a token with secret. It also can > make the spec slightly shorter by not having to repeat all the parameters. > > We need to either add it to every token response or allow the client to > request a secret directly without having to refresh the token. > > Proposal: Keep bearer tokens as the default first-issued credential and add > an optional refresh token everywhere. > > EHL > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
