By the same argument, the client can know how long the tokens are good for via 
API description. What we're talking about is a programmatic hint by the AS to 
the Client about what the token is good for. One common use is time-limited, 
and so provisions for that have been baked in so that everybody does it the 
same way. If there's enough out there to be use-limited or other bits, we 
should have a tiny provision to extend this in a similar fashion.

 -- Justin

________________________________
From: Torsten Lodderstedt [tors...@lodderstedt.net]
Sent: Tuesday, January 17, 2012 12:26 PM
To: Paul Madsen
Cc: oauth-boun...@ietf.org; Richer, Justin P.; OAuth WG
Subject: Re: AW: Re: [OAUTH-WG] Access Token Response without expires_in

Hi Paul,

that's not what I meant. The Client should know which tokens should be one time 
usage based on the API description. The authz server must not return expires_in 
because this would not make any sense in this case.

regards,
Torsten




Paul Madsen <paul.mad...@gmail.com> wrote:
Hi Torsten, yes the use case in question is payment-based as well.

Your suggestion for the client to infer one-time usage from a missing 
expires_in contradicts the general consensus of this thread, does it not?

paul

On 1/17/12 11:38 AM, tors...@lodderstedt.net wrote:

Hi,

isn't one-time semantics typically associated with certain requests on certain 
resources/resource types? I therefore would assume the client to know which 
tokens to use one-time only. The authz server should not return an expires_in 
parameter. We for example use one time access tokens for payment transactions.

What would such an extension specify?

regards,
Torsten.

-----Original Message-----
From: Paul Madsen <paul.mad...@gmail.com>
Sender: oauth-boun...@ietf.org
Date: Tue, 17 Jan 2012 08:23:37
To: Richer, Justin P. <jric...@mitre.org>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Access Token Response without expires_in

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


