Re: [OAUTH-WG] Access Token Response without expires_in

Eran Hammer <eran@hueniverse.com> Mon, 16 January 2012 18:57 UTC

              expires_in

                OPTIONAL. The lifetime in seconds of the access token. For example, the value
                <spanx style='verb'>3600</spanx> denotes that the access token will expire in one
                hour from the time the response was generated. The authorization server SHOULD
                document its default expiration value in case the parameter is omitted.

EHL

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Eran Hammer
> Sent: Monday, January 16, 2012 10:53 AM
> To: OAuth WG
> Cc: wolter.eldering
> Subject: [OAUTH-WG] Access Token Response without expires_in
> 
> A question came up about the access token expiration when expires_in is
> not included in the response. This should probably be made clearer in the
> spec. The three options are:
> 
> 1. Does not expire (but can be revoked)
> 2. Single use token
> 3. Defaults to whatever the authorization server decides and until revoked
> 
> #3 is the assumed answer given the WG history. I'll note that in the spec, but
> wanted to make sure this is the explicit WG consensus.
> 
> EHL
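
A client-side reading of option 3 under the proposed wording, as an added example that is not part of the original message or of the spec: when `expires_in` is omitted the client falls back to the server's documented default and still treats the token as revocable. `DOCUMENTED_DEFAULT_LIFETIME`, `SKEW_MARGIN`, the function and class names, and treating a 401 as revocation are assumptions made for illustration.

```python
import json
from dataclasses import dataclass

# Assumption: placeholder for the lifetime the authorization server documents
# as its default; not a value from the spec or the thread.
DOCUMENTED_DEFAULT_LIFETIME = 3600
SKEW_MARGIN = 30  # seconds; stop using the token slightly early


@dataclass
class CachedToken:
    access_token: str
    expires_at: float      # seconds since epoch
    lifetime_source: str   # "response" or "documented-default"
    revoked: bool = False

    def usable(self, now: float) -> bool:
        return not self.revoked and now < self.expires_at - SKEW_MARGIN


def parse_token_response(body, received_at, default_lifetime=DOCUMENTED_DEFAULT_LIFETIME):
    """Build a cache entry; receipt time approximates response generation time."""
    data = json.loads(body)
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    lifetime = data.get("expires_in")
    if lifetime is None:
        # Parameter omitted: fall back to the server's documented default,
        # never to "does not expire" or "single use".
        return CachedToken(token, received_at + default_lifetime, "documented-default")
    # bool is an int subclass in Python, so exclude it explicitly.
    if isinstance(lifetime, bool) or not isinstance(lifetime, int) or lifetime <= 0:
        raise ValueError("expires_in must be a positive integer number of seconds")
    return CachedToken(token, received_at + lifetime, "response")


def note_resource_status(token, http_status):
    """Assumed policy: a 401 from the resource server marks the token revoked."""
    if http_status == 401:
        token.revoked = True
    return token


# Constructed sample responses (not from the thread).
WITH_EXPIRY = '{"access_token": "tok-A", "token_type": "bearer", "expires_in": 120}'
WITHOUT_EXPIRY = '{"access_token": "tok-B", "token_type": "bearer"}'
```

Recording `lifetime_source` lets logs show which tokens are running on an assumed lifetime instead of one the server stated.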