Max-age has to do with user re-auth in connect.

Some AS only give refresh tokens if a scope of offline_acess or some such 
special scope is requested.
There is no standard scope for that.

I don’t know of any way for the client to control the lifetime of the access 
token other than by revoking it with the AS.
https://tools.ietf.org/html/rfc7009 <https://tools.ietf.org/html/rfc7009>

Depending on the AS you should be able to control the AT lifetime on a per 
client basis.

John B.

> On Jul 25, 2017, at 11:37 AM, Bill Burke <bbu...@redhat.com> wrote:
> 
> For browser apps, implicit flow provides an access token but no refresh 
> token.  For non-browser apps only client credentials grant doesn't supply a 
> refresh token.  As for token access times, I believe only extensions to OAuth 
> define those types of capabilities.  i.e. OpenID Connect defines a "max-age" 
> claim that you can pass when requesting a token.
> 
> On 7/25/17 10:48 AM, Saurav Sarkar wrote:
>> Hi All,
>> 
>> We have a scenario where one of our stakeholder wants to mandatorily 
>> initiate the authentication at certain point of time.
>> 
>> As per 
>> https://www.oauth.com/oauth2-servers/access-tokens/access-token-lifetime/ 
>> <https://www.oauth.com/oauth2-servers/access-tokens/access-token-lifetime/>
>> there can be an option where access token is set for certain time and 
>> refresh token is not set. So we want to explore this option for this 
>> scenario.
>> 
>> I have couple of questions regarding this
>> 
>> (a) Is this  option part of OAuth 2 specification ? If yes can you please 
>> point me to the exact IETF link ?
>> 
>> (b) Is there any other way our scenario can be achieved ? We want this 
>> scenario to be supported from the authorization server (platform) itself and 
>> not in the client app or resource server.
>> 
>> Thanks and Best Regards,
>> Saurav
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth 
>> <https://www.ietf.org/mailman/listinfo/oauth>
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to