Re: [OAUTH-WG] Access Token Response without expires_in
Eran Hammer <eran@hueniverse.com> Mon, 16 January 2012 18:57 UTC

expires_in
    OPTIONAL. The lifetime in seconds of the access token. For example,
    the value <spanx style='verb'>3600</spanx> denotes that the access
    token will expire in one hour from the time the response was
    generated. The authorization server SHOULD document its default
    expiration value in case the parameter is omitted.

EHL

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Eran Hammer
> Sent: Monday, January 16, 2012 10:53 AM
> To: OAuth WG
> Cc: wolter.eldering
> Subject: [OAUTH-WG] Access Token Response without expires_in
>
> A question came up about the access token expiration when expires_in is
> not included in the response. This should probably be made clearer in the
> spec. The three options are:
>
> 1. Does not expire (but can be revoked)
> 2. Single use token
> 3. Defaults to whatever the authorization server decides and until revoked
>
> #3 is the assumed answer given the WG history. I'll note that in the spec, but
> wanted to make sure this is the explicit WG consensus.
>
> EHL
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
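
Added example, not part of the original message or of the specification: one way a client could apply the proposed text and option 3 when reading a token response, using `expires_in` when present, the server's documented default when it is omitted, and otherwise treating the lifetime as unknown rather than assuming "never expires" or "single use". The names `token_lifetime`, `is_usable`, `documented_default` and `SKEW_MARGIN` are assumptions of this example, and the sample responses are constructed.

```python
import json
from dataclasses import dataclass
from typing import Optional

SKEW_MARGIN = 30  # seconds; assumed safety margin, not taken from the spec text


@dataclass
class TokenLifetime:
    expires_at: Optional[float]  # epoch seconds; None when the lifetime is unknown
    source: str                  # "expires_in", "documented_default" or "unknown"


def token_lifetime(body: str, received_at: float,
                   documented_default: Optional[int] = None) -> TokenLifetime:
    """Work out when to stop using the access token in a token response."""
    resp = json.loads(body)
    if "access_token" not in resp:
        raise ValueError("not a successful access token response")
    if "expires_in" in resp:
        value = resp["expires_in"]
        # bool is an int subclass in Python; reject it along with non-integers
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"invalid expires_in: {value!r}")
        lifetime, source = value, "expires_in"
    elif documented_default is not None:
        # Parameter omitted: fall back to the default the server documents
        lifetime, source = documented_default, "documented_default"
    else:
        # Omitted and no documented default known to this client: keep using
        # the token until the server rejects it, then obtain a new one.
        return TokenLifetime(None, "unknown")
    # The lifetime counts from when the response was generated, which the
    # client only observes later, so stop using the token slightly early.
    return TokenLifetime(received_at + max(lifetime - SKEW_MARGIN, 0), source)


def is_usable(lt: TokenLifetime, now: float) -> bool:
    """True while the client may still present the token."""
    return lt.expires_at is None or now < lt.expires_at


# Constructed sample responses
WITH_EXPIRY = '{"access_token": "tok-A", "token_type": "bearer", "expires_in": 3600}'
WITHOUT_EXPIRY = '{"access_token": "tok-B", "token_type": "bearer"}'
```
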