Revocation endpoint discovery can be handled through standard discovery
mechanisms. I don't think clients should request revocation (see earlier
message).
________________________________
From: Hannes Tschofenig <[email protected]>
To: "[email protected] WG" <[email protected]>
Sent: Monday, September 10, 2012 5:25 AM
Subject: [OAUTH-WG] draft-ietf-oauth-revocation-00
The current draft defines an additional endpoint, the token revocation
endpoint, so that clients can request the revocation of a particular token.
Wouldn't it make sense to also allow Authorization Servers to tell Clients or
Resource Servers to revoke tokens?
Ciao
Hannes
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
