Our OAuth implementation have remember me functionality built on top of it. e.g.
When user first time do authentication OAuth server deposit a cookie and next time user do authorize call to get auth code. Auth server sees the cookie and does not throw the authentication page and directly hand off the auth code . Things are fine and we are happy. Now we are designing revokeToken api as per http://tools.ietf.org/html/rfc7009#section-4.1.2 . which says using revoke token we can revoke a given token. Now can we attach additional behavior to revoke token in such a way once client app call this from the browser. Next time app call authorize call, Auth server does prompt the user to re authenticate in spite of remember me cookie present. Regards, Rajender Saini -- You received this message because you are subscribed to the Google Groups "OAuth" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
