[Openid-specs-ab] Refresh token lifetime?

George Fletcher gffletch at aol.com
Tue Aug 27 14:40:38 UTC 2019 

It should also be possible to obtain the token expiry time by sending 
the refresh_token to the /introspection endpoint.

On 8/27/19 8:37 AM, Joseph Heenan via Openid-specs-ab wrote:
> Hi Mischa
>
> There are [at least] 3 different solutions in the wild, all mentioned in https://bitbucket.org/openid/fapi/issues/251/refresh-token-expiry-time
>
> Joseph
>
>
>> On 27 Aug 2019, at 13:22, Mischa Salle via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>>
>> Hi all,
>>
>> I was wondering if there is any standard (RFC or OpenID) for conveying
>> the lifetime or expiry time of a refresh token?
>> The access token response returns an expires_in for the
>> access token, following https://tools.ietf.org/html/rfc6749#section-4.2.2
>> but there seems to be no standard for returning an expiry time or
>> lifetime for the refresh token.
>> It would certainly be useful information for a client.
>>
>> In case there is no standard yet, what would be the right thing to do?
>> I would suggest adding another access token response parameter, such as
>> rt_expires_in. Alternatively, it could be the expiry time, e.g.
>> refresh_token_exp or something like that.
>>
>> Are there already parties doing something like this?
>>
>> Mischa
>>
>> -- 
>> Nikhef                      Room  H155
>> Science Park 105            Tel.  +31-20-592 5102
>> 1098 XG Amsterdam           Fax   +31-20-592 5155
>> The Netherlands             Email msalle at nikhef.nl
>>   __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190827/9cbcfb44/attachment.html>

More information about the Openid-specs-ab mailing list