revoking offline_access refresh tokens

Issue #1475 resolved
Joseph Heenan created an issue

As per Mike’s WGLC message, I noticed that:

contains the text:

NOTE: An open issue for the specification is whether to define an additional optional parameter in the logout token, probably as a value in the event-specific parameters JSON object, that explicitly signals that offline_access refresh tokens are also to be revoked.

I presume that text should be altered/removed before going to final.

Comments (3)

  1. Log in to comment