Draft: https://datatracker.ietf.org/doc/draft-watson-oauth-refresh-token-expiration/
Repo: https://github.com/njwatson32/rt-expiration

Hi all,

I have uploaded the 2nd official version of my draft about refresh token and authorization expiration. I had wanted to send this out much sooner, but other work and life obligations prevented that.

Based on the feedback from Madrid and conversations with Aaron (thanks!), some changes have been made:

* Consent was renamed to authorization to be more in line with 6749 terminology.
* Clarification was added about what authorization means in relation to scopes.
* Mentions of RT rotation were moved to informative sections near the end as examples of potentially related work.
* More considerations of expected client behavior were added.

I will be in Montréal and would love it if a few people would read it before then (especially if you're one of the people who had strong opinions in Madrid).

Nick

--
Nick Watson | Software Engineer | [email protected] | (781) 608-3352
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
