Not exactly the same, but seems similar to some of the proposed logic in https://tools.ietf.org/wg/oauth/draft-ietf-oauth-incremental-authz/
-Jared
Skype: jaredljennings
Signal: +1 816.730.9540
WhatsApp: +1 816.678.4152

On Tue, May 5, 2020 at 10:19 AM Jim Schaad <i...@augustcellars.com> wrote:
> Over in the ACE working group we are currently having a discussion about
> refreshing tokens on an RS. I want to make sure that this is not something
> that this working group has already solved. The basic scenario is:
>
> 1. Client gets token T1 and posts it to the RS
> 2. After some time the RS returns an error to the client about an access
> issue
> 3. Client gets a new token T2 from the AS, possibly using a refresh token.
> 4. Client posts the token T2 to the RS
> 5. The RS somehow needs to associate token T1 and T2 for long term security
> sessions.
>
> I do not believe that OAuth has this issue because there is not currently
> any concept that a token is used for anything other than a single
> request/response between the client and the RS. There is no idea of the RS
> storing tokens long term associated with a TLS session that might need to
> have the access rights for that TLS session changed.
>
> Please provide any feedback that you might have.
>
> Thanks
> Jim
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
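The five-step scenario Jim quotes above, walked through as an added example that is not code from the thread, from the ACE or OAuth specifications, or from any implementation. It models a resource server that keeps a per-security-session table and ties T1 and T2 together through the proof-of-possession key referenced by each token's cnf claim, which ACE access tokens carry but plain OAuth bearer tokens do not; that choice is the example's own. The token layout (a decoded, already signature-checked dict), the DTLS session identifier, and the class and function names are assumptions for illustration.

```python
"""
Added example, not part of the original thread: a toy resource-server (RS)
session table for the T1 -> error -> T2 flow. The association between T1 and
T2 is made through the key id in the tokens' 'cnf' claim; the token fields,
the session identifier and every name here are assumptions for illustration.
"""
from dataclasses import dataclass, field

# Constructed sample data: both tokens are bound to the same proof-of-
# possession key, which is what lets the RS tie them to one session.
POP_KID = "client-key-1"


def make_token(tid, scope, exp, kid=POP_KID, aud="rs1"):
    """Builds a constructed, already-verified access token (assumed layout)."""
    return {"jti": tid, "aud": aud, "scope": scope, "exp": exp,
            "cnf": {"kid": kid}}


@dataclass
class Session:
    kid: str                                   # PoP key the session is bound to
    token: dict                                # currently active token
    history: list = field(default_factory=list)  # jti of superseded tokens


class ResourceServer:
    def __init__(self, audience="rs1"):
        self.audience = audience
        self.sessions = {}   # security session id (e.g. a DTLS session) -> Session

    def post_token(self, session_id, token, now):
        """Steps 1 and 4: the client posts a token on a security session."""
        if token["aud"] != self.audience:
            return "invalid_token: wrong audience"
        if token["exp"] <= now:
            return "invalid_token: expired"
        kid = token["cnf"]["kid"]
        sess = self.sessions.get(session_id)
        if sess is None:
            self.sessions[session_id] = Session(kid=kid, token=token)
            return "created"
        # Step 5: a token proving possession of the same key supersedes the
        # earlier one and inherits the session. The old jti is kept so a
        # later revocation check or audit record can still refer to T1.
        if sess.kid != kid:
            return "invalid_token: key does not match session"
        sess.history.append(sess.token["jti"])
        sess.token = token
        return "replaced"

    def authorize(self, session_id, scope, now):
        """Step 2: each request is checked against the session's active token."""
        sess = self.sessions.get(session_id)
        if sess is None:
            return (False, "unauthorized: no token on this session")
        if sess.token["exp"] <= now:
            return (False, "invalid_token: expired")
        if scope not in sess.token["scope"].split():
            return (False, "insufficient_scope")
        return (True, None)


def run_scenario():
    """Walks the five steps from the thread and returns the RS's answers."""
    rs = ResourceServer()
    t0 = 1000
    t1 = make_token("T1", "read", exp=t0 + 60)
    t2 = make_token("T2", "read write", exp=t0 + 600)
    trace = []
    trace.append(rs.post_token("dtls-1", t1, now=t0))            # 1. created
    trace.append(rs.authorize("dtls-1", "read", now=t0 + 10))    # request ok
    trace.append(rs.authorize("dtls-1", "read", now=t0 + 120))   # 2. error
    trace.append(rs.post_token("dtls-1", t2, now=t0 + 130))      # 4. replaced
    trace.append(rs.authorize("dtls-1", "write", now=t0 + 140))  # 5. new rights
    # A token bound to a different key must not take over the session.
    t3 = make_token("T3", "read", exp=t0 + 600, kid="other-key")
    trace.append(rs.post_token("dtls-1", t3, now=t0 + 150))
    return trace, rs.sessions["dtls-1"].history


if __name__ == "__main__":
    for entry in run_scenario()[0]:
        print(entry)
```

The point of binding on the cnf key rather than on T1's identifier is that the client never has to present T1 again, and a token minted for a different key cannot hijack an existing session. The flip side, which the example does not handle, is a legitimate key rotation at the client: with this rule the RS sees it as a mismatch and the client must start a fresh security session.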