This has already been discussed and presented in the several past IETF meetings about this draft.
It sounds like something should maybe be added to the document then if it keeps coming up?
Yes, it means the client can prompt the user in the UI to tell them they will need to re-authorize and re-approve access. This lets the client proactively tell the user they need to re-authorize before the access is lost. Without this, the client will lose access for an indeterminate amount of time until the user realizes the client has stopped working and goes and reconnects it.
So the user uses the app often enough that this prompting can happen at some point near to expiry, but not often enough to notice a gap in service? And the app has no backchannel notification mechanism (eg email) to inform the user that access has expired?
— Neil
> On 14 Nov 2025, at 15:14, Max Gerber <[email protected]> wrote:
>
> > […] The client can also schedule a notification to the user to renew the grant in 11 months.
But what does this mean in practice? Asking them to re-login and re-approve the scopes? If so, why not just wait for the grant to expire and do that anyway? What is the concrete benefit to user or developer experience of this field?
— Neil
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
|
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
