One use tokens can also expire before they are used. "You have 5 minutes to do
this once."
________________________________
From: Torsten Lodderstedt [tors...@lodderstedt.net]
Sent: Tuesday, January 17, 2012 12:26 PM
To: Paul Madsen
Cc: oauth-boun...@ietf.org; Richer, Justin P.; OAuth WG
Subject: Re: AW: Re: [OAUTH-WG] Access Token Response without expires_in
Hi Paul,
that's not what I meant. The Client should know which tokens should be one time
usage based on the API description. The authz server must not return expires_in
because this would not make any sense in this case.
regards,
Torsten
Paul Madsen <paul.mad...@gmail.com> schrieb:
Hi Torsten, yes the use case in question is payment-based as well.
>
>Your suggestion for the client to infer one-time usage from a missing
>expires_in contradicts the general consensus of this thread does it not?
>
>paul
>
>On 1/17/12 11:38 AM, tors...@lodderstedt.net wrote:
>Hi, isn't one-time semantics typically associated with certain requests on
>certain resources/resource types. I therefore would assume the client to know
>which tokens to use one-time only. The authz server should not return an
>expires_in paramter. We for example use one time access tokens for payment
>transactions. What would such an extension specify? regards,
Torsten.
Gesendet mit BlackBerry® Webmail von Telekom Deutschland -----Original
Message-----
From: Paul Madsen <paul.mad...@gmail.com> Sender: oauth-boun...@ietf.org Date:
Tue, 17 Jan 2012 08:23:37
To: Richer, Justin P.<jric...@mitre.org> Cc: OAuth WG<oauth@ietf.org> Subject:
Re: [OAUTH-WG] Access Token Response without expires_in
_______________________________________________
OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
