http://www.ietf.org/mail-archive/web/oauth/current/msg03734.html
> -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Paul Walker > Sent: Friday, January 07, 2011 4:53 PM > To: OAuth WG > Subject: [OAUTH-WG] expired access token : deserves unique code? > > As far as I can tell (which isn't very far on many Friday afternoons), there > is no > way for a client to distinguish an expired access token from a revoked, > malformed, etc token as the invalid_token error parameter value > encompasses multiple scenarios. Of course, a client could parse the > error_description, but this is an optional parameter with no guaranty of a > common value among providers. > > Given that the client would want to make an explicit decision to request > another access token using a refresh token (if available), would it not > benefit > clients if a specific error parameter value was defined for this scenario? > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
