Hi All,

We have a scenario where one of our stakeholder wants to mandatorily
initiate the authentication at certain point of time.

As per
https://www.oauth.com/oauth2-servers/access-tokens/access-token-lifetime/
there can be an option where access token is set for certain time and
refresh token is not set. So we want to explore this option for this
scenario.

I have couple of questions regarding this

(a) Is this  option part of OAuth 2 specification ? If yes can you please
point me to the exact IETF link ?

(b) Is there any other way our scenario can be achieved ? We want this
scenario to be supported from the authorization server (platform) itself
and not in the client app or resource server.

Thanks and Best Regards,
Saurav
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to