This expiration time is just a hint, client code should work perfectly fine without it, or with a wrong one.
Trying to understand the use case here: JavaScript code receives an access token and the associated expires_in. It passes the access token to backend code, and this backend code is properly time synchronized and it needs to know when does the token expire. Right? Is the JavaScript code passing the access token down right away, or only after a while? If right away, then the backend code can just use expires_in as an offset from current time. It will be a few seconds off, but that should be acceptable IMO. Marius On Thu, Dec 23, 2010 at 2:43 AM, Olivier POITREY <r...@dailymotion.com> wrote: > You can't access it from JavaScript in most use-cases unfortunately. It's > why having both expires_in and expires_at would be nice. > > On 23 déc. 2010, at 11:36, "Pelle Wessman" <pe...@kodfabrik.se> wrote: > > For the Web Server flow you will have a HTTP Date header containing the > timestamp at which the token was generated - right? Combining the value of > that header with expires_in will get you the value of expires_at. > > / Pelle > > On Tue, Dec 14, 2010 at 10:14 PM, Paul Walker <pjwal...@gmail.com> wrote: >> >> Has there been discussion of using expires_at as an exact epoch time in >> seconds as opposed to expires_in which is, at best, an approximation "from >> the time the response was generated by the authorization server?" I >> apologize if this has been discussed previously. >> >> ~pj >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
