Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add refresh tokens and expiration #26

Open
rmccue opened this issue Jul 3, 2017 · 2 comments
Open

Add refresh tokens and expiration #26

rmccue opened this issue Jul 3, 2017 · 2 comments
Assignees
@almirbi

Comments

@rmccue
Copy link
Member

rmccue commented Jul 3, 2017

Access tokens need to support expiration, and refresh tokens need to be issued to clients during the regular flow.

https://tools.ietf.org/html/rfc6749#section-6
@rmccue
Copy link
Member Author

rmccue commented Jul 3, 2017

See this IETF mailing list thread for typical times; access tokens at 1 hour and refresh tokens with no expiry seems decent to me.

@rmccue rmccue mentioned this issue Jul 3, 2017
Merged
@almirbi almirbi self-assigned this Sep 5, 2017
@spacedmonkey
Copy link
Contributor

On the oauth 1 plugin, I discuss making access token to post instead of options. See WP-API/OAuth1#215 (comment) . If expirey is implemented here, it might be worth, doing the same. The post created / updated dates would be extremely useful to work out when tokens were created.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@almirbi almirbi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rmccue @spacedmonkey @almirbi