Merged in access-token-lifetime (pull request #166)
This refers to issue: https://bitbucket.org/openid/fapi/issues/262/should-long-lived-access-tokens-be
The references in oauth-security-topics didn’t really line up - so I left them out.
The closest recommendation I could find was in: https://tools.ietf.org/html/rfc6819#section-3.1.2 - which I suppose we could reference?
10 mins is arbitrary…. up for discussion.
This refers to issue: https://bitbucket.org/openid/fapi/issues/262/should-long-lived-access-tokens-be
The references in oauth-security-topics didn’t really line up - so I left them out.
The closest recommendation I could find was in: https://tools.ietf.org/html/rfc6819#section-3.1.2 - which I suppose we could reference?
10 mins is arbitrary…. up for discussion.