Brian, Eran, et al., I don't understand the need to discard relevant data while the authorization between end user and provider is valid.
On Jan 7, 2011, at 11:10 PM, Eran Hammer-Lahav wrote:

> http://www.ietf.org/mail-archive/web/oauth/current/msg03734.html
>
>> -----Original Message-----
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Paul Walker
>> Sent: Friday, January 07, 2011 4:53 PM
>> To: OAuth WG
>> Subject: [OAUTH-WG] expired access token : deserves unique code?
>>
>> As far as I can tell (which isn't very far on many Friday afternoons), there
>> is no way for a client to distinguish an expired access token from a revoked,
>> malformed, etc token as the invalid_token error parameter value
>> encompasses multiple scenarios. Of course, a client could parse the
>> error_description, but this is an optional parameter with no guaranty of a
>> common value among providers.
>>
>> Given that the client would want to make an explicit decision to request
>> another access token using a refresh token (if available), would it not
>> benefit clients if a specific error parameter value was defined for this scenario?

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
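
Added example, not part of the original messages: a sketch of how a client can act on the single invalid_token value raised in the quoted question, without branching on the optional error_description. It assumes a `Bearer` challenge in the `WWW-Authenticate` header; the function names, action labels and sample headers are constructed for illustration.

```python
import re

# key="quoted value" or key=token pairs inside an authentication challenge
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_challenge(header):
    """Split a WWW-Authenticate value into (scheme, params)."""
    scheme, _, rest = header.strip().partition(" ")
    params = {}
    for key, quoted, bare in _PARAM.findall(rest):
        # Undo backslash escapes in quoted strings; bare tokens are used as-is.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
        params[key.lower()] = value
    return scheme, params


def next_action(status, www_authenticate, has_refresh_token, already_refreshed):
    """Decide the client's next step after a protected-resource response."""
    if status != 401 or not www_authenticate:
        return "other"
    _, params = parse_challenge(www_authenticate)
    if params.get("error") != "invalid_token":
        return "other"
    # invalid_token covers expired, revoked and malformed tokens alike, and
    # error_description is optional free text that differs per provider, so
    # the decision never depends on it.
    if has_refresh_token and not already_refreshed:
        # Try the refresh token exactly once. If the token was revoked rather
        # than expired, the refresh (or the retried request) fails too and the
        # next call lands in the branch below instead of looping.
        return "refresh"
    return "reauthorize"


# Constructed sample challenges (not captured from any real provider).
EXPIRED = ('Bearer realm="example", error="invalid_token", '
           'error_description="The access token expired"')
REVOKED = 'Bearer realm="example", error="invalid_token"'

if __name__ == "__main__":
    for hdr, refreshed in ((EXPIRED, False), (REVOKED, False), (REVOKED, True)):
        print(next_action(401, hdr, True, refreshed))
```
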