[Openid-specs-ab] Token revocation
Chuck Mortimore
cmortimore at salesforce.com
Mon Sep 19 22:32:05 UTC 2011
I think we should consider overlap here - we're currently deploying the draft for both refresh token and access token revocation - not sure why we'd treat id token all that differently ( although I could see overlap with session management endpoints )
On 9/19/11 2:57 PM, "John Bradley" <ve7jtb at ve7jtb.com> wrote:
As the id_token is not an access token, I don't think it directly applies.
I guess that it might be able to be reused for direct logout messages.
We may want to incorporate it for the user-info access tokens.
John
On 2011-09-19, at 6:49 PM, Nat Sakimura wrote:
Breno?
On Mon, Sep 19, 2011 at 4:55 PM, Roland Hedberg <roland.hedberg at adm.umu.se> wrote:
Hi!
Would be interesting to know how the OAuth2 token revocation draft fits into the OpenID Connect session management.
http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-03
-- Roland
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110919/14d98ccd/attachment.html>
More information about the Openid-specs-ab
mailing list