[Openid-specs-risc] token-issued event
Marius Scurtescu
mscurtescu at google.com
Mon Apr 9 23:35:39 UTC 2018

Currently oauth-event-types defines a token-revoked event (section 2.1):
https://bitbucket.org/openid/risc/src

In a conversation last week it came up that maybe we should also have an
equivalent token-issued event, to be sent every time some new token is
issued (a new authorization code or a new refresh token for example). This
might allow a client to detect if users are phished and some tokens never
reach the intended redirect URIs, for example.

I think there is a similar proposal for actual consent events, not exactly
the same, but in ways similar. Does anyone have pointers to that?

Thoughts?

Marius
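
The client-side check suggested in the message above, sketched as an added example that is not part of the original post or of any RISC draft. The event-type URI, the event fields (`subject`, `token_type`, `token_fingerprint`) and the grace window are assumptions, since the post defines none of them; payloads are treated as already-verified Security Event Token claims.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Hypothetical event-type URI and event fields: the post proposes the event
# but defines neither, so these are placeholders.
TOKEN_ISSUED = "https://example.invalid/event-type/token-issued"
GRACE = timedelta(seconds=120)  # assumed allowance for delivery latency

def fingerprint(token):
    """Hash a token so raw credentials are never stored or compared."""
    return hashlib.sha256(token.encode()).hexdigest()

def undelivered_tokens(payloads, received, now, grace=GRACE):
    """Return token-issued events for tokens this client never received.
    payloads -- decoded SET payloads (dicts) whose signatures were already verified
    received -- set of fingerprints of tokens this client actually received
    """
    alerts = []
    for p in payloads:
        event = p.get("events", {}).get(TOKEN_ISSUED)
        if event is None:
            continue  # a different event type
        issued = datetime.fromtimestamp(p["iat"], tz=timezone.utc)
        if now - issued < grace:
            continue  # delivery may still be in flight
        if event["token_fingerprint"] not in received:
            alerts.append((p["jti"], event["subject"], event["token_type"]))
    return alerts

def _set(jti, iat, subject, token_type, token):
    """Build a constructed sample payload."""
    return {"jti": jti, "iat": iat, "events": {TOKEN_ISSUED: {
        "subject": subject, "token_type": token_type,
        "token_fingerprint": fingerprint(token)}}}

# Constructed sample data, not taken from any real issuer.
NOW = datetime(2018, 4, 9, 23, 40, tzinfo=timezone.utc)
T0 = int(NOW.timestamp())
SAMPLE_SETS = [
    _set("evt-1", T0 - 300, "user-a", "authorization_code", "code-aaa"),  # delivered
    _set("evt-2", T0 - 300, "user-b", "authorization_code", "code-bbb"),  # never arrived
    _set("evt-3", T0 - 30, "user-c", "refresh_token", "rt-ccc"),          # within grace
]
RECEIVED = {fingerprint("code-aaa")}

if __name__ == "__main__":
    for alert in undelivered_tokens(SAMPLE_SETS, RECEIVED, NOW):
        print("issued but never received:", alert)
```

An alert here only means an issued token was not seen by the client within the window; it is a signal to investigate or revoke, not proof of phishing.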