Thanks for the reply. How does the RFC address a token that has been compromised?

From: Justin Richer [mailto:[email protected]]
Sent: Tuesday, June 6, 2017 9:12 AM
To: Brig Lamoreaux <[email protected]>
Cc: <[email protected]> <[email protected]>
Subject: Re: [OAUTH-WG] RFC 7009

OAuth doesn’t specify any specific timeout period, it’s up to the AS that 
issues the token to determine how long the token is good for. RFC7009 isn’t 
about timeout periods, it’s about the client proactively telling the AS that it 
doesn’t need a token anymore and the AS should throw it out, likely prior to 
any timeouts.

 — Justin

On May 25, 2017, at 12:23 PM, Brig Lamoreaux <[email protected]> wrote:

Hi,

What is the specified timeout period to invalidate the token?

Brig Lamoreaux

Data Solution Architect
[email protected]
480-828-8707
US Desert/Mountain Tempe




_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
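
Added illustration, not part of the thread and not written by its participants: a constructed in-memory authorization server showing the distinction drawn above, where the token lifetime is chosen by the AS and an RFC 7009 revocation request discards the token before that lifetime ends. The class, function and client names are hypothetical, and the 400 status for a client revoking another client's token is an assumption of this sketch.

```python
import secrets
from urllib.parse import parse_qs, urlencode

class ToyAuthorizationServer:
    """Constructed in-memory AS for illustration; not a real library."""
    def __init__(self, lifetime_s):
        self.lifetime_s = lifetime_s   # picked by the AS; OAuth mandates no value
        self.tokens = {}               # token -> (client_id, expires_at)

    def issue(self, client_id, now):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, now + self.lifetime_s)
        return token

    def is_active(self, token, now):
        entry = self.tokens.get(token)
        return entry is not None and now < entry[1]

    def revoke(self, client_id, body):
        """Handle a form-encoded RFC 7009 request body; return an HTTP status."""
        token = parse_qs(body).get("token", [None])[0]
        if token is None:
            return 400                 # "token" is the one required parameter
        entry = self.tokens.get(token)
        if entry is None:
            return 200                 # unknown/invalid token still gets 200
        if entry[0] != client_id:
            return 400                 # refused: token issued to another client
        del self.tokens[token]         # thrown out ahead of any timeout
        return 200

def revocation_body(token, hint="access_token"):
    """Body a client POSTs (application/x-www-form-urlencoded) to revoke."""
    return urlencode({"token": token, "token_type_hint": hint})

def demo():
    server = ToyAuthorizationServer(lifetime_s=3600)
    t0 = 1_000_000.0                   # constructed clock value
    token = server.issue("client-a", now=t0)
    other = server.issue("client-a", now=t0)
    before = server.is_active(token, now=t0 + 60)
    refused = server.revoke("client-b", revocation_body(token))
    status = server.revoke("client-a", revocation_body(token))
    after = server.is_active(token, now=t0 + 60)      # revoked long before expiry
    repeat = server.revoke("client-a", revocation_body(token))
    expired = server.is_active(other, now=t0 + 3600)  # lifetime alone ends this one
    return before, refused, status, after, repeat, expired

if __name__ == "__main__":
    print(demo())
```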
