Re: [OAUTH-WG] Best-Practice for dealing with OAuth 2.0 Token expiration at the Consumer

William Mills <wmills@yahoo-inc.com> Thu, 19 April 2012 15:40 UTC


Scope having actual meaning to the client (your usage of 'offline' is what I'm looking at) is something you can define but is not something currently in the protocol.

I think it's a simpler picture than you are painting:

1) You might get a hint with the expires_in value for when the token will expire. The client can refresh based on that.
2) If you get an access token failure, then if you have a refresh token you try to get a new access token.
3) If your refresh token fails (not authorized) to get you a new access token, then you have to re-authenticate.


HTTP temporary failures and such get retried.

Clients basically have to support that logic flow.




>________________________________
> From: Andreas Åkre Solberg <andreas.solberg@uninett.no>
>To: oauth@ietf.org 
>Sent: Thursday, April 19, 2012 1:29 AM
>Subject: [OAUTH-WG] Best-Practice for dealing with OAuth 2.0 Token expiration at the Consumer
> 
>Please give me feedback if I got anything wrong, or if you have comments.
>
>https://rnd.feide.no/2012/04/19/best-practice-for-dealing-with-oauth-2-0-token-expiration-at-the-consumer/
>
>Kind regards,
>Andreas Åkre Solberg
>UNINETT
>
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
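The three-step client flow described in William Mills's reply above (refresh on the expires_in hint or on an access token failure, re-authenticate when the refresh is refused, retry temporary HTTP failures), written out as an added Python example that is not code from the original thread. The `scripted` endpoints, the token values and the `NeedsReauthentication` exception are constructed stand-ins for a real authorization server and resource server.

```python
import time

class NeedsReauthentication(Exception):
    """The refresh token was refused: only a new authorization grant helps."""

def scripted(*responses):
    """Constructed stand-in for an HTTP endpoint: replays (status, body) pairs in order."""
    queue = list(responses)
    return lambda *_: queue.pop(0)

class OAuthClient:
    """Token lifecycle from the reply: refresh on the expires_in hint or on a 401, re-authenticate
    when the refresh is refused, retry 5xx. token_endpoint(rt) and resource(at) return (status, dict)."""

    def __init__(self, token_endpoint, resource, access_token, refresh_token,
                 expires_in=None, now=time.time, max_transient_retries=3):
        self.token_endpoint, self.resource, self.now = token_endpoint, resource, now
        self.refresh_token, self.retries = refresh_token, max_transient_retries
        self._store(access_token, expires_in)
    def _store(self, access_token, expires_in):
        self.access_token = access_token
        # Step 1: expires_in is only a hint; None means the server gave none.
        self.expires_at = None if expires_in is None else self.now() + expires_in
    def _refresh(self):
        # Step 2: trade the refresh token for a new access token.
        if not self.refresh_token:
            raise NeedsReauthentication("no refresh token available")
        status, body = self.token_endpoint(self.refresh_token)
        if status == 400 and body.get("error") == "invalid_grant":
            # Step 3: the grant is no longer authorized; the user must re-authenticate.
            raise NeedsReauthentication(body.get("error_description", "refresh refused"))
        if status != 200:
            raise RuntimeError(f"token endpoint error {status}")  # transient; try again later
        self.refresh_token = body.get("refresh_token", self.refresh_token)  # rotation optional
        self._store(body["access_token"], body.get("expires_in"))
    def call(self):
        if self.expires_at is not None and self.now() >= self.expires_at:
            self._refresh()  # proactive refresh driven by the expires_in hint
        refreshed, transient = False, 0
        while True:
            status, body = self.resource(self.access_token)
            if status == 200:
                return body
            if status == 401 and not refreshed:  # access token rejected: refresh once
                self._refresh()
                refreshed = True
            elif 500 <= status < 600 and transient < self.retries:
                transient += 1  # temporary HTTP failure: retry (add backoff in production)
            else:
                raise RuntimeError(f"resource call failed with {status}")
```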