M, Phillip Hunt wrote:
>>>>>>
>>>>>> You can also use a long lived refresh token in combination with a
>>>>>>> short access token. The client is then forced to periodically
>>>>>>> reauthenticate (without the user) before ge
to use refresh tokens. You can
have long lived access tokens too, and just use the refresh
tokens when you want to do something new with the access tokens.
-bill
-
FROM: Dave Rochwerger
TO: oauth@ietf.org [2]
CC: Quizlet Dev Team
SENT: Wednesday, September 7, 2011 2:15 PM
SUB
e you a hook for
>>>>>> extensibility and key rotation. If you want to rotate your
>>>>>> encryption keys or extend the data carried in the token in any
>>>>>> way then you want to be able to cleanly refresh your tokens. Note
>>>>>> t
.
-bill
-
FROM: Dave Rochwerger
TO: oauth@ietf.org [2]
CC: Quizlet Dev Team
SENT: Wednesday, September 7, 2011 2:15 PM
SUBJECT: [OAUTH-WG] OAuth2 Implementation questions (client
secret and refresh tokens)
Hi all,
I have been implementing OAuth2 based on the various drafts
tokens instead
>>> of MAC for example.
>>>
>>> If you want those things you want to use refresh tokens. You can have long
>>> lived access tokens too, and just use the refresh tokens when you want to
>>> do something new with the access tokens.
>&
gt;
>> If you want those things you want to use refresh tokens. You can have
>> long lived access tokens too, and just use the refresh tokens when you want
>> to do something new with the access tokens.
>>
>> -bill
>>
>> --
>>
> ** **
>
> *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf
> Of *Phillip Hunt
> *Sent:* Wednesday, September 07, 2011 4:24 PM
> *To:* William Mills
> *Cc:* Quizlet Dev Team; oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] OAuth2 Implementa
use the refresh tokens when you want to do
>> something new with the access tokens.
>>
>> -bill
>>
>> From: Dave Rochwerger
>> To: oauth@ietf.org
>> Cc: Quizlet Dev Team
>> Sent: Wednesday, September 7, 2011 2:15 PM
>> Subject: [OAUTH-WG] OAut
> ** **
>
> *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf
> Of *Phillip Hunt
> *Sent:* Wednesday, September 07, 2011 4:24 PM
> *To:* William Mills
> *Cc:* Quizlet Dev Team; oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] OAuth2 Implementa
You can have long
> lived access tokens too, and just use the refresh tokens when you want to do
> something new with the access tokens.
>
> -bill
>
> --
> *From:* Dave Rochwerger
> *To:* oauth@ietf.org
> *Cc:* Quizlet Dev Team
> *Sent:*
Cc: Quizlet Dev Team; oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth2 Implementation questions (client secret and
refresh tokens)
You can also use a long lived refresh token in combination with a short access
token. The client is then forced to periodically reauthenticate (without the
user) before
th@ietf.org
> Cc: Quizlet Dev Team
> Sent: Wednesday, September 7, 2011 2:15 PM
> Subject: [OAUTH-WG] OAuth2 Implementation questions (client secret and
> refresh tokens)
>
> Hi all,
>
> I have been implementing OAuth2 based on the various drafts for our new API.
> I
fresh tokens when you want to do
something new with the access tokens.
-bill
From: Dave Rochwerger
To: oauth@ietf.org
Cc: Quizlet Dev Team
Sent: Wednesday, September 7, 2011 2:15 PM
Subject: [OAUTH-WG] OAuth2 Implementation questions (client secret and re
Hi all,
I have been implementing OAuth2 based on the various drafts for our new API.
Initially, I implemented everything as per the spec, but due to our
particular scenario and restrictions we have in place, there are some
fundamental questions that I am unable to defend.
I am hoping this group c
14 matches
Mail list logo
