Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?

You’re welcome. Thanks, as always, for the useful feedback that improved the specification. From: Brian Campbell [mailto:bcampb...@pingidentity.com] Sent: Monday, August 31, 2015 1:47 PM To: Mike Jones Cc: oauth Subject: Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT

Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?

Thank you On Fri, Aug 28, 2015 at 7:04 PM, Mike Jones wrote: > This was added at the end of Section 3.2 in -04 > . > Thanks again for the practical feedback, Brian! > > > >

Re: [OAUTH-WG] Lifetime of refresh token

@John, @William I'm of exactly the same opinion. When refreshing the token on expiration of the access token, a new exchange of access token and refresh token should be issued unless that refresh token expired due to inactivity of 1 month or is invalidated by user through their some setting pages.