Mixi, one of the biggest Japanese social network service, supports OAuth2 with refresh_token. The lifetime of refresh_token is 6 hours ~ 3 months depends on user's decision on authorization.
In that case, how can Mixi tell the lifetime of refresh_token? Currently they just documented it in their API document. On 2011/02/04, at 5:43, William Mills wrote: > The general use case for refresh tokens is that they don't have a lifetime, > although they can be invalidated by various things. > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf >> Of Phil Hunt >> Sent: Thursday, February 03, 2011 12:27 PM >> To: OAuth WG >> Subject: [OAUTH-WG] Refresh Token and Expires_in >> >> In 5.1 (draft 12), if a refresh_token is returned with an access_token, >> what does expires_in refer to? Strict reading of the spec says it >> refers to the access_token, but isn't lifetime of the refresh token as >> important? Should there be a similar "refresh_expires_in"? >> >> Apologies if this was discussed before. >> >> Phil >> [email protected] >> >> >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
