[Openid-specs-risc] token-issued event

Marius Scurtescu mscurtescu at google.com
Mon Apr 9 23:35:39 UTC 2018

Currently oauth-event-types defines a token-revoked event (section 2.1):

In a conversation last week it came up that maybe we should also have an
equivalent token-issued event, to be sent every time some new token is
issued (a new authorization code or a new refresh token for example). This
might allow a client to detect if users are phished and some tokens never
reach the intended redirect URIs, for example.

I think there is a similar proposal for actual consent events, not exactly
the same, but in ways similar. Does anyone have pointers to that?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20180409/7ce1da9f/attachment.html>

More information about the Openid-specs-risc mailing list