- changed status to invalid
Basic, Messages, Standard, Registration, Session - Do we need to use expires_in when the expiration time can be in the tokens?
Issue #308
invalid
We mandate a token and the whole point of OpenID Connect is that the tokens follow an open standard so why are we returning redundant information? Just check the token.
At the very least, we should delete the use of expires_in from all the examples where its use is not essential.
Comments (1)
-
- Log in to comment
expires_in relates to access_token or other OAuth claim. expire time is for id_token.