Hey Torsten - glad to see this spec out there, and we plan to implement in the future. Only 1 quick comment:
"the authorization server is supposed to detect the token type automatically." I think it would be better to have the client explicitly state the token type. The client will know, so we might as well remove the burden from the server trying to do this heuristically. -cmort On 3/14/11 3:15 AM, "Torsten Lodderstedt" <tors...@lodderstedt.net> wrote: Hi all, I just uploaded a new revision of the revocation I-D (http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-02). Changes: - dropped token_type parameter - made client authentication optional (as on the token endpoint) - changed success status code to 200 Thank's to all reviewers. regards, Torsten. -------- Original-Nachricht -------- Betreff: New Version Notification for draft-lodderstedt-oauth-revocation-02 Datum: Mon, 14 Mar 2011 04:11:50 -0700 (PDT) Von: IETF I-D Submission Tool <idsubmiss...@ietf.org> <mailto:idsubmiss...@ietf.org> An: tors...@lodderstedt.net CC: sdro...@gmx.de A new version of I-D, draft-lodderstedt-oauth-revocation-02.txt has been successfully submitted by Torsten Lodderstedt and posted to the IETF repository. Filename: draft-lodderstedt-oauth-revocation Revision: 02 Title: Token Revocation Creation_date: 2011-03-14 WG ID: Independent Submission Number_of_pages: 6 Abstract: This draft proposes an additional endpoint for OAuth authorization servers for revoking tokens. The IETF Secretariat.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
