Re: [OAUTH-WG] delete access tokens?
"Lodderstedt, Torsten" <t.lodderstedt@telekom.de> Tue, 29 November 2011 13:13 UTC
Return-Path: <t.lodderstedt@telekom.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC59F21F8B64 for <oauth@ietfa.amsl.com>; Tue, 29 Nov 2011 05:13:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.248
X-Spam-Level:
X-Spam-Status: No, score=-3.248 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WBJk4rIQo1ED for <oauth@ietfa.amsl.com>; Tue, 29 Nov 2011 05:13:44 -0800 (PST)
Received: from tcmail33.telekom.de (tcmail33.telekom.de [194.25.30.7]) by ietfa.amsl.com (Postfix) with ESMTP id 9AFF121F8B61 for <oauth@ietf.org>; Tue, 29 Nov 2011 05:13:43 -0800 (PST)
Received: from g8p01.blf01.telekom.de ([164.25.63.135]) by tcmail31.telekom.de with ESMTP; 29 Nov 2011 14:08:55 +0100
Received: from q4de8ssaz61.gppng.telekom.de (q4de8ssaz61.gppng.telekom.de [10.206.166.200]) by G8P01.blf01.telekom.de with ESMTP for oauth@ietf.org; Tue, 29 Nov 2011 14:08:54 +0100
Received: from g8dbse01.krf01.telekom.de ([164.23.31.9]) by q4de8ssaz61.gppng.telekom.de with ESMTP; 29 Nov 2011 14:07:30 +0100
Received: from QEO40065.de.t-online.corp (QEO40065.de.t-online.corp [10.224.209.65]) by G8DBSE01.krf01.telekom.de with ESMTP; Tue, 29 Nov 2011 14:08:53 +0100
Received: from QEO40072.de.t-online.corp ([169.254.1.81]) by QEO40065.de.t-online.corp ([10.224.209.65]) with mapi; Tue, 29 Nov 2011 14:08:52 +0100
From: "Lodderstedt, Torsten" <t.lodderstedt@telekom.de>
To: Bart Wiegmans <bart@all4students.nl>, oauth WG <oauth@ietf.org>
Date: Tue, 29 Nov 2011 14:08:50 +0100
Thread-Topic: delete access tokens?
Thread-Index: AcyugdFLRhLtg7zIR8O1iDGbNt/qeQAFbGsQ
Message-Id: <63366D5A116E514AA4A9872D3C5335395BB5495FBE@QEO40072.de.t-online.corp>
References: <AEDA1B65E9329448939CEFA895C129E203850B09@studentserver.studentennet.local>
In-Reply-To: <AEDA1B65E9329448939CEFA895C129E203850B09@studentserver.studentennet.local>
Accept-Language: de-DE
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: de-DE
Content-Type: multipart/alternative; boundary="_000_63366D5A116E514AA4A9872D3C5335395BB5495FBEQEO40072deton_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] delete access tokens?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2011 13:13:44 -0000
Hi Bart, I think this would be a truly RESTful approach. The group discussed this topic several months ago and consensus was to use another endpoint for token revocation (== deletion). Pls. take a look onto http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-02. regards, Torsten. Von: Bart Wiegmans [mailto:bart@all4students.nl] Gesendet: Dienstag, 29. November 2011 11:32 An: oauth WG Betreff: [OAUTH-WG] delete access tokens? Hello everybody, again. This is just me pushing a random idea, but what if you specified that clients could ask for access token invalidation by making a DELETE request to the token endpoint? Bart Wiegmans
- [OAUTH-WG] delete access tokens? Bart Wiegmans
- Re: [OAUTH-WG] delete access tokens? Lodderstedt, Torsten
- Re: [OAUTH-WG] delete access tokens? Justin Richer