oauth2 Profile - 3.4. @torsten comment [token lifetimes]

Comments (7)

1. 

   Tom Clancy

   • marked as blocker

   Changed to BLOCKER to filter for v1.05/Implementer’s draft.

   • 2024-07-16T18:47:05+00:00
2. 

   Joseph Heenan

   The client type matters because in a public client the access token is generally available on the end-user device so can leak from there, which is not the case for confidential clients.

   However in almost all cases some kind of sender constrained access token (e.g. DPoP) is a much better mitigation.

   • 2024-07-22T07:44:15+00:00
3. 

   Kelley Burgin

   May depend on sender constrained token method.

   • 2024-07-23T15:44:23+00:00
4. 

   Tom Clancy

   Adjusted token lifetimes in https://bitbucket.org/openid/igov/pull-requests/26

   • 2024-08-14T17:48:09+00:00
5. 

   Tom Clancy

   • assigned issue to
     
     Tom Clancy

   https://bitbucket.org/openid/igov/pull-requests/26

   • 2024-08-14T17:49:00+00:00
6. 

   Tom Clancy

   • changed title to oauth2 Profile - 3.4. @torsten comment [token lifetimes]

   • 2024-08-20T11:23:40+00:00
7. 

   Tom Clancy

   • changed status to resolved

   Merged PR#26

   • 2024-08-20T16:18:29+00:00
8. Log in to comment