, and performance overhead).
Would I have to send the draft to oauth@ietf.org? Or a
specific working group email?
Thanks again for your response.
--
Thanks
Amit
From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Sunday, January 18, 2015 2:11 PM
To: Amit
can specify/modify this property (or server
to set default) to limit refresh tokens. It's not clear if the user has
visibility into the number of refresh tokens before consent (or a say in refresh
token revocation).
--
Thanks,
Amit Gupta
Software Security Architect,
InsideView Inc.
Sent from my
Hi Torsten, Stefanie, Marius
I wanted to suggest an addition to the token revocation RFC 7009 to provide more
clarity on how revocation of refresh tokens should be handled. I feel the RFC
should,
1. Describe how the client/resource-owner can provide "standing instructions"
to the OAuth server