Hi All,

We have a scenario where one of our stakeholder wants to mandatorily
initiate the authentication at certain point of time.

As per
there can be an option where access token is set for certain time and
refresh token is not set. So we want to explore this option for this

I have couple of questions regarding this

(a) Is this  option part of OAuth 2 specification ? If yes can you please
point me to the exact IETF link ?

(b) Is there any other way our scenario can be achieved ? We want this
scenario to be supported from the authorization server (platform) itself
and not in the client app or resource server.

Thanks and Best Regards,
OAuth mailing list

Reply via email to