On 15.03.2011 14:34, David Robinson wrote:
Page 4 of the specification says:
The client MUST NOT make any assumptions about the timing and MUST NOT use the token again.

In the case of a self-care portal mentioned in - 1.0 Introduction - clients may not be aware that tokens have been revoked. In that scenario it seems probable that clients will try to use revoked tokens at least once.

That's correct. What would be your conclusion/proposal?

regards,
Torsten.




_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth