Changes between Version 27 and Version 28 of API_security


Ignore:
Timestamp:
08/10/2012 02:29:47 PM (9 months ago)
Author:
jbe
Comment:

Proposal regarding multiple authorizations per client

Legend:

Unmodified
Added
Removed
Modified

  • API_security

    v27 v28  
    1818 
    1919Parameters sent without a value MUST be treated as if they were omitted from the request.  The authorization server MUST ignore unrecognized request parameters.  Request and response parameters MUST NOT be included more than once. 
     20 
     21Proposal: When authorizing a client, the user shall see any previously issued long-term authorizations for that client, which are still active. Any previous long-term authorization shall be revoked by default, thus voiding previously issued refresh tokens, unless the user explicitly agrees to a duplicate authorization (e.g. for multiple native client on different smartphones). 
    2022 
    2123== Transport layer security ==