It should be left off of the the response. We probably should’ve had more examples for that. In general though it’s going to be the protected resource introspecting tokens, and they usually don’t have refresh tokens. We allow other kinds of tokens (ID Tokens, Refresh Tokens, etc) but the canonical use case is the protected resource getting information about an access token.
— Justin > On Nov 24, 2015, at 9:20 AM, Vladimir Dzhuvinov <vladi...@connect2id.com> > wrote: > > Thank you Hannes, > > If the inspected token is a refresh token (which is permitted by the spec), > what should the token_type response say? > > Vladimir > > On 17.11.2015 13:16, Hannes Tschofenig wrote: > > Hi Vladimir, > > > > it is 'Bearer'. > > > > Section 5.1 in RFC 6749 defines the token_type concept and RFC 6750 > > registers the 'Bearer' token value (since it defines the bearer token > > concept). > > > > We currently have work going on with the PoP token work to also extend > > the concept further. > > > > Ciao > > Hannes > > > > > > On 11/17/2015 11:41 AM, Vladimir Dzhuvinov wrote: > >> The "token_type" parameter in introspection responses - is that supposed > >> to be "access_token" / "refresh_token", or the type of the access token, > >> e.g. "Bearer"? > >> > >> https://tools.ietf.org/html/rfc7662#section-2.2 > >> <https://tools.ietf.org/html/rfc7662#section-2.2> > >> > >> Section 5.1 in RFC 6749 that is referred to points to section 7.1 which > >> seems to imply the latter? > >> > >> http://tools.ietf.org/html/rfc6749#section-7.1 > >> <http://tools.ietf.org/html/rfc6749#section-7.1> > >> > >> Thanks, > >> > >> Vladimir > >> > >> > >> > >> _______________________________________________ > >> OAuth mailing list > >> OAuth@ietf.org <mailto:OAuth@ietf.org> > >> https://www.ietf.org/mailman/listinfo/oauth > >> <https://www.ietf.org/mailman/listinfo/oauth> > >> > > > > -- > Vladimir Dzhuvinov :: vladi...@connect2id.com <mailto:vladi...@connect2id.com> > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
