Re: [OAUTH-WG] delete access tokens?
Justin Richer <jricher@mitre.org> Fri, 02 December 2011 18:45 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4C701F0C36 for <oauth@ietfa.amsl.com>; Fri, 2 Dec 2011 10:45:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O2XXv+haRmh6 for <oauth@ietfa.amsl.com>; Fri, 2 Dec 2011 10:45:23 -0800 (PST)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id ED44F21F8C33 for <oauth@ietf.org>; Fri, 2 Dec 2011 10:45:22 -0800 (PST)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id CA2FC21B1442 for <oauth@ietf.org>; Fri, 2 Dec 2011 13:45:21 -0500 (EST)
Received: from imchub1.MITRE.ORG (imchub1.mitre.org [129.83.29.73]) by smtpksrv1.mitre.org (Postfix) with ESMTP id AAAE921B18A6 for <oauth@ietf.org>; Fri, 2 Dec 2011 13:45:21 -0500 (EST)
Received: from [129.83.50.8] (129.83.50.8) by imchub1.MITRE.ORG (129.83.29.73) with Microsoft SMTP Server (TLS) id 8.3.192.1; Fri, 2 Dec 2011 13:45:22 -0500
Message-ID: <4ED91CB4.7090301@mitre.org>
Date: Fri, 02 Dec 2011 13:45:08 -0500
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0) Gecko/20111124 Thunderbird/8.0
MIME-Version: 1.0
To: oauth@ietf.org
References: <AEDA1B65E9329448939CEFA895C129E203850B09@studentserver.studentennet.local> <63366D5A116E514AA4A9872D3C5335395BB5495FBE@QEO40072.de.t-online.corp>
In-Reply-To: <63366D5A116E514AA4A9872D3C5335395BB5495FBE@QEO40072.de.t-online.corp>
Content-Type: multipart/alternative; boundary="------------000408030103020805040505"
Subject: Re: [OAUTH-WG] delete access tokens?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Dec 2011 18:45:23 -0000
Specifically, the DELETE method was rejected as tokens aren't necessarily directly URL-addressable from the token endpoint. Shoehorning that requirement in order to make it feel more RESTful was more of a hack than a few folks (myself included) really wanted to make. -- Justin On 11/29/2011 08:08 AM, Lodderstedt, Torsten wrote: > > Hi Bart, > > I think this would be a truly RESTful approach. The group discussed > this topic several months ago and consensus was to use another > endpoint for token revocation (== deletion). Pls. take a look onto > http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-02. > > regards, > > Torsten. > > *Von:*Bart Wiegmans [mailto:bart@all4students.nl] > *Gesendet:* Dienstag, 29. November 2011 11:32 > *An:* oauth WG > *Betreff:* [OAUTH-WG] delete access tokens? > > Hello everybody, again. > > This is just me pushing a random idea, but what if you specified that > clients could ask for access token invalidation by making a DELETE > request to the token endpoint? > > Bart Wiegmans > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] delete access tokens? Bart Wiegmans
- Re: [OAUTH-WG] delete access tokens? Lodderstedt, Torsten
- Re: [OAUTH-WG] delete access tokens? Justin Richer