[Openid-specs-ab] Token revocation

Chuck Mortimore cmortimore at salesforce.com
Mon Sep 19 22:32:05 UTC 2011


I think we should consider overlap here - we're currently deploying the draft for both refresh token and access token revocation - not sure why we'd treat id token all that differently (although I could see overlap with session management endpoints).


On 9/19/11 2:57 PM, "John Bradley" <ve7jtb at ve7jtb.com> wrote:

As the id_token is not an access token, I don't think it directly applies.

I guess that it might be able to be reused for direct logout messages.

We may want to incorporate it for the user-info access tokens.

John

On 2011-09-19, at 6:49 PM, Nat Sakimura wrote:

Breno?

On Mon, Sep 19, 2011 at 4:55 PM, Roland Hedberg <roland.hedberg at adm.umu.se> wrote:
Hi!

Would be interesting to know how the OAuth2 token revocation draft fits into the OpenID Connect session management.

http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-03

-- Roland