The OAuth Core spec mandates that service providers enable users to revoke access tokens. And it mentions that a service provider should send HTTP response code 401 when it receives an expired token.
However, it says nothing about how a user would ask to revoke a token, why a service provider might revoke a token, when or why tokens might expire, how a consumer can determine that a token has expired or been revoked, or what a consumer should do in these situations.

On Jul 25, 3:36 pm, mw_java <michaelwilso...@gmail.com> wrote:
> Could you elaborate on what you meant by this?
>
> On Jul 25, 12:17 pm, John Kristian <jmkrist...@gmail.com> wrote:
> > Yes, tokens may be expired or revoked. But OAuth Core doesn't
> > standardize the process.