Access Token / Refresh Token description not required?

Comments (10)

1. 

   Nat Sakimura

   Yes and no. While it probably is better to refer to the OIDC for token lifetime constraints, the TokenLifetime section in OpenID Connect Core does not talk about

   • the implication of the bearer token
   • the implication of the token being used against multiple resources

   These builds up to bring in the notion of Holder of key token and resource audience constrained token respectively in Part 2. So, I would argue to keep the section and those descriptions here while we should refer to OIDC core for the recommendation on the token lifetime itself.

   • 2016-12-08T14:04:39+00:00
2. 

   Nat Sakimura

   • changed status to open

   • 2016-12-13T13:54:40+00:00
3. 

   Nat Sakimura

   re: #52

   → <<cset 81b537a7e335>>

   • 2016-12-13T13:58:37+00:00
4. 

   Nat Sakimura

   • changed component to Part 1: RO Security

   • 2016-12-13T17:25:17+00:00
5. 

   Edmund Jay

   • edited description
   • changed status to resolved

   • 2017-12-20T23:32:49+00:00
6. 

   Nat Sakimura

   • changed component to Part 1: Baseline

   • 2022-12-14T15:35:52+00:00
7. 

   Nat Sakimura

   • changed component to FAPI 1 - Part 1: Baseline

   • 2022-12-14T15:36:24+00:00
8. 

   Nat Sakimura

   • changed component to FAPI 1 – Part 1: Baseline

   • 2022-12-14T15:36:57+00:00
9. 

   Nat Sakimura

   • changed component to FAPI 1 – Baseline

   • 2022-12-14T15:38:19+00:00
10. 

    Nat Sakimura

    • changed component to FAPI 1: Baseline

    • 2022-12-14T15:39:07+00:00
11. Log in to comment