[Openid-specs-ab] Token revocation

Chuck Mortimore cmortimore at salesforce.com
Mon Sep 19 22:32:05 UTC 2011

I think we should consider overlap here - we're currently deploying the draft for both refresh token and access token revocation - not sure why we'd treat id token all that differently ( although I could see overlap with session management endpoints )

On 9/19/11 2:57 PM, "John Bradley" <ve7jtb at ve7jtb.com> wrote:

As the id_token is not an access token, I don't think it directly applies.

I guess that it might be able to be reused for direct logout messages.

We may want to incorporate it for the user-info access tokens.

On 2011-09-19, at 6:49 PM, Nat Sakimura wrote:


On Mon, Sep 19, 2011 at 4:55 PM, Roland Hedberg <roland.hedberg at adm.umu.se> wrote:

Would be interesting to know how the OAuth2 token revocation draft fits into the OpenID Connect session management.


-- Roland
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110919/14d98ccd/attachment.html>

More information about the Openid-specs-ab mailing list