which argues for expressing both explicitly

On 1/17/12 3:58 PM, William Mills wrote:

One use tokens can also expire before they are used. "You have 5 minutes to do this once."

------------------------------------------------------------------------
*From:* Torsten Lodderstedt [tors...@lodderstedt.net]
*Sent:* Tuesday, January 17, 2012 12:26 PM
*To:* Paul Madsen
*Cc:* oauth-boun...@ietf.org; Richer, Justin P.; OAuth WG
*Subject:* Re: AW: Re: [OAUTH-WG] Access Token Response without expires_in

Hi Paul,

that's not what I meant. The Client should know which tokens should be one time usage based on the API description. The authz server must not return expires_in because this would not make any sense in this case.

regards,
Torsten




Paul Madsen <paul.mad...@gmail.com> wrote:

    Hi Torsten, yes the use case in question is payment-based as well.

    Your suggestion for the client to infer one-time usage from a
    missing expires_in contradicts the general consensus of this
    thread does it not?

    paul

    On 1/17/12 11:38 AM, tors...@lodderstedt.net wrote:
    Hi,

    isn't one-time semantics typically associated with certain requests on
    certain resources/resource types? I therefore would assume the client to know
    which tokens to use one-time only. The authz server should not return an
    expires_in parameter. We for example use one time access tokens for payment
    transactions.

    What would such an extension specify?

    regards,
    Torsten.

    -----Original Message-----
    From: Paul Madsen <paul.mad...@gmail.com>
    Sender: oauth-boun...@ietf.org
    Date: Tue, 17 Jan 2012 08:23:37
    To: Richer, Justin P. <jric...@mitre.org>
    Cc: OAuth WG <oauth@ietf.org>
    Subject: Re: [OAUTH-WG] Access Token Response without expires_in

    _______________________________________________
    OAuth mailing list
    OAuth@ietf.org  <mailto:OAuth@ietf.org>
    https://www.ietf.org/mailman/listinfo/oauth
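
The two properties debated in this thread, lifetime and use count, can be enforced independently on the server side. The sketch below is an added example, not part of the original messages or of any OAuth specification; `TokenStore`, `redeem` and the `max_uses` response field are hypothetical names chosen for illustration, while `expires_in` is the parameter under discussion.

```python
import time
from dataclasses import dataclass
from typing import Optional

@dataclass
class IssuedToken:
    expires_at: Optional[float]  # None: no lifetime stated (expires_in omitted)
    uses_left: Optional[int]     # None: no use limit stated

class TokenStore:
    """Tracks expiry and use count as two separate, explicit constraints."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = {}

    def issue(self, token, expires_in=None, max_uses=None):
        expires_at = None if expires_in is None else self._clock() + expires_in
        self._tokens[token] = IssuedToken(expires_at, max_uses)
        resp = {"access_token": token, "token_type": "bearer"}
        if expires_in is not None:
            resp["expires_in"] = expires_in
        if max_uses is not None:
            resp["max_uses"] = max_uses  # hypothetical field, not an OAuth parameter
        return resp

    def redeem(self, token):
        # Single-threaded sketch; a real server needs an atomic check-and-decrement.
        rec = self._tokens.get(token)
        if rec is None:
            return "unknown"
        if rec.expires_at is not None and self._clock() >= rec.expires_at:
            del self._tokens[token]
            return "expired"
        if rec.uses_left is not None:
            if rec.uses_left <= 0:
                return "already_used"
            rec.uses_left -= 1
        return "ok"

def demo():
    now = [1000.0]  # constructed fake clock so the run is deterministic
    store = TokenStore(clock=lambda: now[0])
    store.issue("pay-1", expires_in=300, max_uses=1)  # "5 minutes to do this once"
    store.issue("pay-2", expires_in=300, max_uses=1)
    store.issue("pay-3", max_uses=1)                  # one-time, no expires_in
    results = [store.redeem("pay-1"), store.redeem("pay-1")]
    now[0] += 301                                     # let the 5 minutes pass
    results += [store.redeem("pay-2"), store.redeem("pay-3"), store.redeem("pay-3")]
    return results

if __name__ == "__main__":
    print(demo())
```

With both constraints stated, a client does not have to infer one from the absence of the other: an unused one-time token can still expire, and a one-time token without a stated lifetime is still rejected on replay.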

