Hi All,
I'm reviewing RFC 7622 as we are going ahead with implementing it.
I have a question:
1. Token Hint in the introspection request.
The spec mentions 'refresh_token' as one of the possible values. But a
protected resource does not see a refresh token (ever ?), it is Access
Token service which does.
When would a protected resource use a 'refresh_token' hint when
requesting an introspection response ?
Thanks, Sergey
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
