In the assertion flow the authorization server issues an access token. In other flows, the access token is accompanied by an expires_in parameter, but not in this one according to the latest draft of the spec. Was this intentional? -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
