[Openid-specs-ab] Refreshing ID Tokens
Nat Sakimura
sakimura at gmail.com
Sun Jul 29 20:43:37 UTC 2012
Could you kindly elaborate the use case a bit more please?
The rationale for not having refresh token equivalent for id_token was
to make sure that the user is in presence and bound to the session.
How do you envisage the same in the context of the app in your
usecase?
Nat
On Mon, Jul 30, 2012 at 4:43 AM, Torsten Lodderstedt
<torsten at lodderstedt.net> wrote:
> Hi all,
>
> the standard spec only mentions refreshing access tokens. I'm wondering
> whether it is possible to refresh an ID Token based on a refresh token or
> whether this always require a request to the authorization endpoint. In my
> opinion, using offline refresh tokens for this purpose would be a valueable
> feature for apps.
>
> regards,
> Torsten.
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
More information about the Openid-specs-ab
mailing list