Document the impact of grant changes on issued tokens

Issue #287 resolved
Dima Postnikov created an issue

Suggested by Vladimir Dzhuvinov via the mailing list:

“Effect of grant changes via authz request or mgmt API on issued refresh and access tokens: At present the spec is not explicit on this. I think there should be clear guidance what happens to existing refresh and access tokens linked to a grant_id when the grant changes. Including those situations when the client is public or multiple client_id's are linked to a "client". This can be useful for AS implementers as well as client developers, so the latter know exactly what to expect about the tokens when a grant gets modified.”

Comments (8)

  1. Vladimir Dzhuvinov

    Thanks Torsten. I read the version from 2021-06-01 and those aspects appear to be covered now.

    Is it correct that public clients and credentialed clients (OAuth 2.1) are in fact not supported?

    Authorization servers

    1. shall support confidential clients as defined in [@!RFC6749].
