http://www.ietf.org/mail-archive/web/oauth/current/msg03734.html
> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Paul Walker > Sent: Friday, January 07, 2011 4:53 PM > To: OAuth WG > Subject: [OAUTH-WG] expired access token : deserves unique code? > > As far as I can tell (which isn't very far on many Friday afternoons), there > is no > way for a client to distinguish an expired access token from a revoked, > malformed, etc token as the invalid_token error parameter value > encompasses multiple scenarios. Of course, a client could parse the > error_description, but this is an optional parameter with no guaranty of a > common value among providers. > > Given that the client would want to make an explicit decision to request > another access token using a refresh token (if available), would it not > benefit > clients if a specific error parameter value was defined for this scenario? > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
