> There can be cases where resource owner needs to revoke an authorized access token from a given client.
Why wouldn't the RO go through the client to revoke the token?

Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
[email protected]

From: Prabath Siriwardena <[email protected]>
To: "[email protected] WG" <[email protected]>,
Date: 02/06/2013 04:36 AM
Subject: [OAUTH-WG] A question on token revocation.
Sent by: [email protected]

I am sorry if this was already discussed in this list..

Looking at [1] it only talks about revoking the access token from the client. How about the resource owner..?

There can be cases where resource owner needs to revoke an authorized access token from a given client. Or revoke a scope..

How are we going to address these requirements..? Thoughts appreciated...

[1] http://tools.ietf.org/html/draft-ietf-oauth-revocation-04

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
