Hi All, We have a scenario where one of our stakeholder wants to mandatorily initiate the authentication at certain point of time.
As per https://www.oauth.com/oauth2-servers/access-tokens/access-token-lifetime/ there can be an option where access token is set for certain time and refresh token is not set. So we want to explore this option for this scenario. I have couple of questions regarding this (a) Is this option part of OAuth 2 specification ? If yes can you please point me to the exact IETF link ? (b) Is there any other way our scenario can be achieved ? We want this scenario to be supported from the authorization server (platform) itself and not in the client app or resource server. Thanks and Best Regards, Saurav
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
