Re: [OAUTH-WG] JWT access tokens and the revocation endpoint

2020-10-07 Thread Seán Kelleher
Hi all, Long time lurker, first time poster, glad to be finally getting involved! In terms of weighing in on the revocation practice, I don't think this document needs to address it as JWT ATs don't seem to require special handling in this case. I think a general coverage of approaches to token r

Re: [OAUTH-WG] JSON based access token requests for OAuth 2.1

2020-10-07 Thread 0x0010thx
hihi i am sorry my run me code scope runtime is work hehehe good Trisna1337 On Tue, 6 Oct 2020 21:18, Janak Amarasena wrote: > Hi All, > > As per my understanding OAuth 2(RFC6749) doesn't mandate any specific > media type to be used in the access token request. The spec implies >

Re: [OAUTH-WG] JSON based access token requests for OAuth 2.1

2020-10-07 Thread Dick Hardt
Janak, thanks for the clarification. A constraint of the OAuth 2.1 draft is that it adds no new features beyond what has already been standardised and deployed. While I am a fan of JSON, supporting both application/x-www-form-urlencoded and application/json will negatively impact interoperability

Re: [OAUTH-WG] Implementation questions around refresh token rotation

2020-10-07 Thread Neil Madden
> On 6 Oct 2020, at 23:05, Aaron Parecki wrote: > >  > Hi all, I have a couple questions for those of you who have implemented > refresh token rotation... > > Have you included the option of a grace period on refresh token use, allowing > multiple uses within some time window? I'm wondering