[Openid-specs-ab] Token revocation
cmortimore at salesforce.com
Mon Sep 19 22:32:05 UTC 2011
I think we should consider overlap here - we're currently deploying the draft for both refresh token and access token revocation - not sure why we'd treat id token all that differently ( although I could see overlap with session management endpoints )
On 9/19/11 2:57 PM, "John Bradley" <ve7jtb at ve7jtb.com> wrote:
As the id_token is not an access token, I don't think it directly applies.
I guess that it might be able to be reused for direct logout messages.
We may want to incorporate it for the user-info access tokens.
On 2011-09-19, at 6:49 PM, Nat Sakimura wrote:
On Mon, Sep 19, 2011 at 4:55 PM, Roland Hedberg <roland.hedberg at adm.umu.se> wrote:
Would be interesting to know how the OAuth2 token revocation draft fits into the OpenID Connect session management.
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab