[Openid-specs-ab] Refresh token lifetime?

Stuart Low stuart at biza.io
Tue Aug 27 12:37:07 UTC 2019


Hi Mischa,

I don’t believe it’s a formal standard but there is a fair bit of support from OP’s for refresh_token_expires_in so it has become the defacto standard for what you’re mentioning below.

From some Linkedin documentation (https://developer.linkedin.com/docs/Refresh-Tokens-with-OAuth-2# <https://developer.linkedin.com/docs/Refresh-Tokens-with-OAuth-2#>):

refresh_token_expires_in — The number of seconds remaining before the refresh token will expire. The lifespan of refresh tokens is usually larger than Access tokens. The exact duration depends on the type of Refresh Tokens issued. The different types explained below in the document.

Hope that helps,

Stuart


> On 27 Aug 2019, at 10:22 pm, Mischa Salle via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> Hi all,
> 
> I was wondering if there is any standard (RFC or OpenID) for conveying
> the lifetime or expiry time of a refresh token?
> The access token response returns an expires_in for the
> access token, following https://tools.ietf.org/html/rfc6749#section-4.2.2
> but there seems to be no standard for returning an expiry time or
> lifetime for the refresh token.
> It would certainly be useful information for a client.
> 
> In case there is no standard yet, what would be the right thing to do?
> I would suggest adding another access token response parameter, such as
> rt_expires_in. Alternatively, it could be the expiry time, e.g.
> refresh_token_exp or something like that.
> 
> Are there already parties doing something like this?
> 
> Mischa
> 
> -- 
> Nikhef                      Room  H155
> Science Park 105            Tel.  +31-20-592 5102
> 1098 XG Amsterdam           Fax   +31-20-592 5155
> The Netherlands             Email msalle at nikhef.nl
>  __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190827/eac80abf/attachment.html>


More information about the Openid-specs-ab mailing list