Skip to content
This repository was archived by the owner on Dec 29, 2020. It is now read-only.

Refresh tokens and expiry do not need to be tied together #24

Open
#30
Open
Refresh tokens and expiry do not need to be tied together#24
#30
@samskiter

Description

@samskiter
samskiter
opened on Oct 30, 2014

The OAuth2 spec makes no connection between refresh tokens and expiry. It's possible to have one without the other. Specifically - section 4.4 says there SHOULD NOT be a refresh token. While it is rare that iOS applications will make use of this form of auth, I propose to relax the constraints on refresh tokens and expiry

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions