I did not consider the user-agent flow. I guess the only truly accurate response would provide both an expires_from and an expires_at?
On Dec 14, 2010, at 3:56 PM, Paul Lindner wrote: > For User Agent flow you really really really want expires_in > > Do you know how many PCs and browsers have their clock set incorrectly? > > > On Tue, Dec 14, 2010 at 3:23 PM, Aaron Parecki <aa...@parecki.com> wrote: >> Agreed. I like the idea of expires_at as well. One of the first things a >> client is going to do after receiving the expires_in is calculate the >> current time plus the offset. Makes sense to eliminate one source of timing >> errors. >> >> On Dec 14, 2010 2:54 PM, "Paul Walker" <pjwal...@gmail.com> wrote: >>> It seems to me that expires_in suffers from the same machine time >>> synchronization issue and additionally throws in an indeterminable time >>> amount, while expires_at would only suffer from the former. >>> >>> ~pj >>> >>> On Dec 14, 2010, at 1:35 PM, Marius Scurtescu wrote: >>> >>>> expires_at requires very good time synchronization for all machines >>>> involved. >>>> >>>> expires_in, while not very exact, is more resilient. >>>> >>>> Marius >>>> >>>> >>>> >>>> On Tue, Dec 14, 2010 at 1:24 PM, Jitesh Bhate <jbh...@exacttarget.com> >>>> wrote: >>>>> I have same question, Thanks Paul for Raising this >>>>> >>>>> Regards >>>>> Jitesh >>>>> >>>>> -----Original Message----- >>>>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >>>>> Of Paul Walker >>>>> Sent: Tuesday, December 14, 2010 4:14 PM >>>>> To: OAuth WG >>>>> Subject: [OAUTH-WG] expires_at vs expires_in >>>>> >>>>> Has there been discussion of using expires_at as an exact epoch time in >>>>> seconds as opposed to expires_in which is, at best, an approximation "from >>>>> the time the response was generated by the authorization server?" I >>>>> apologize if this has been discussed previously. >>>>> >>>>> ~pj >>>>> _______________________________________________ >>>>> OAuth mailing list >>>>> OAuth@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/oauth >>>>> _______________________________________________ >>>>> OAuth mailing list >>>>> OAuth@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/oauth >>>>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> > > > > -- > Paul Lindner -- lind...@inuus.com -- linkedin.com/in/plindner
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
