The general use case for refresh tokens is that they don't have a lifetime, although they can be invalidated by various things.
> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Phil Hunt > Sent: Thursday, February 03, 2011 12:27 PM > To: OAuth WG > Subject: [OAUTH-WG] Refresh Token and Expires_in > > In 5.1 (draft 12), if a refresh_token is returned with an access_token, > what does expires_in refer to? Strict reading of the spec says it > refers to the access_token, but isn't lifetime of the refresh token as > important? Should there be a similar "refresh_expires_in"? > > Apologies if this was discussed before. > > Phil > [email protected] > > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
