Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add refresh tokens and expiration #26

Open
rmccue opened this issue Jul 3, 2017 · 2 comments
Open

Add refresh tokens and expiration #26

rmccue opened this issue Jul 3, 2017 · 2 comments
Assignees
@almirbi

Comments

@rmccue
Copy link
Member

rmccue commented Jul 3, 2017

Access tokens need to support expiration, and refresh tokens need to be issued to clients during the regular flow.

https://tools.ietf.org/html/rfc6749#section-6
@rmccue
Copy link
Member Author

rmccue commented Jul 3, 2017

See this IETF mailing list thread for typical times; access tokens at 1 hour and refresh tokens with no expiry seems decent to me.

@rmccue rmccue mentioned this issue Jul 3, 2017
Merged
@almirbi almirbi self-assigned this Sep 5, 2017
@spacedmonkey
Copy link
Contributor

On the oauth 1 plugin, I discuss making access token to post instead of options. See WP-API/OAuth1#215 (comment) . If expirey is implemented here, it might be worth, doing the same. The post created / updated dates would be extremely useful to work out when tokens were created.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@almirbi almirbi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rmccue @spacedmonkey @almirbi