[Openid-specs-ab] Issue #1475: revoking offline_access refresh tokens (openid/connect)
josephheenan
issues-reply at bitbucket.org
Tue Apr 19 11:49:11 UTC 2022
New issue 1475: revoking offline_access refresh tokens
https://bitbucket.org/openid/connect/issues/1475/revoking-offline_access-refresh-tokens
Joseph Heenan:
As per Mike’s WGLC message, I noticed that:
[https://openid.net/specs/openid-connect-backchannel-1\_0-07.html#BCActions](https://openid.net/specs/openid-connect-backchannel-1_0-07.html#BCActions)
contains the text:
> NOTE: An open issue for the specification is whether to define an additional optional parameter in the logout token, probably as a value in the event-specific parameters JSON object, that explicitly signals that `offline_access` refresh tokens are also to be revoked.
I presume that text should be altered/removed before going to final.
More information about the Openid-specs-ab
mailing list