[Openid-specs-ab] Refreshing ID Tokens

Nat Sakimura sakimura at gmail.com
Sun Jul 29 20:43:37 UTC 2012


Could you kindly elaborate the use case a bit more please?

The rationale for not having refresh token equivalent for id_token was
to make sure that the user is   in presence and bound to the session.
How do you envisage the same in the context of the app in your
usecase?

Nat

On Mon, Jul 30, 2012 at 4:43 AM, Torsten Lodderstedt
<torsten at lodderstedt.net> wrote:
> Hi all,
>
> the standard spec only mentions refreshing access tokens. I'm wondering
> whether it is possible to refresh an ID Token based on a refresh token or
> whether this always require a request to the authorization endpoint. In my
> opinion, using offline refresh tokens for this purpose would be a valueable
> feature for apps.
>
> regards,
> Torsten.
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en


More information about the Openid-specs-ab mailing list