On Tue, Jul 13, 2010 at 9:58 PM, Torsten Lodderstedt <[email protected]> wrote: > We plan to issue new refresh tokens for certain clients only (mobile, > desktop), > it's part of the client-related policy. So the behavior for a particular > client is predictable.
Nice. Would you be willing to expand on the current spec language a bit, to explain the use cases, and offer more normative language about how clients should handle refresh token exchange? This is a cool feature, but the current language is kind of vague. Cheers, Brian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
