Hi Torsten, yes the use case in question is payment-based as well.
Your suggestion for the client to infer one-time usage from a missing expires_in contradicts the general consensus of this thread does it not?
paul On 1/17/12 11:38 AM, tors...@lodderstedt.net wrote:
Hi, isn't one-time semantics typically associated with certain requests on certain resources/resource types. I therefore would assume the client to know which tokens to use one-time only. The authz server should not return an expires_in paramter. We for example use one time access tokens for payment transactions. What would such an extension specify? regards, Torsten. Gesendet mit BlackBerry® Webmail von Telekom Deutschland -----Original Message----- From: Paul Madsen<paul.mad...@gmail.com> Sender: oauth-boun...@ietf.org Date: Tue, 17 Jan 2012 08:23:37 To: Richer, Justin P.<jric...@mitre.org> Cc: OAuth WG<oauth@ietf.org> Subject: Re: [OAUTH-WG] Access Token Response without expires_in _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
