> In this model, considering that token revocations don't happen a lot...
Just a brief note, a secure piece of software makes the logout feature
prominent. Every logout event should trigger token revocation.
I’m mentioning this because a lot of OAuth solutions in the mobile space
literally igno
Hello,
On 20-10-04 at 11:27, Thomas Broyer wrote:
> There might be some kind of pushed events between the AS and the RS when
> a JWT AT is revoked, to allow the RS not to introspect a JWT AT at all.
> Like this, the RS knows if a JWT AT has been revoked or not.
>
>
> If there ar
Disclosure: I have not read the draft on JWT AT, those comments are based
only on my current knowledge of OAuth 2.0 / OpenID Connect, and JWT.
On Sat, Oct 3, 2020 at 19:18, Nicolas Mora wrote:
> My 2 cents,
>
> On 20-10-02 at 18:19, Andrii Deinega wrote:
> >
> > Here is what I would like t