Hi John, > Am 14.01.2015 um 00:26 schrieb John Bradley <ve7...@ve7jtb.com>: > > We don't currently have any examples in the spec of getting a key based on a > RT but it is required if you are using symmetric keys with multiple RS.
I think one could treat RTs like any other tokens in pop and issue a corresponding key. As a consequence refresh requests to the AS would be signed. Sounds straight forward to me (at least on a conceptual level). kind regards, Torsten. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
