Changes between Version 34 and Version 35 of API_security


Timestamp: 08/10/2012 04:00:41 PM (9 months ago)
Author: jbe
Comment: New section "Short term access tokens and mandatory refreshing of refresh tokens and access tokens"

  • API_security

    v34 v35  
    2929 
    3030Unregistered clients use a client_id identical to their redirection endpoint, when directing the member to the authorization endpoint. The member is then asked automatically if he/she wants to register this client for him/herself. 
     31 
     32== Short term access tokens and mandatory refreshing of refresh tokens and access tokens == 
     33 
     34Access tokens are only valid short term. For long term access of an API consumer, the API consumer must refresh its access tokens. This refresh is done without user interaction. When an access token is refreshed, both a new access token and a new refresh token are issued by the API server. The API consumer MUST discard the old refresh token. When the new access token or the new refresh token is used for the first time, the old refresh token is automatically invalidated by the server. 
    3135 
    3236== Multiple authorizations per member for a single client ==
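
Review bot: The last sentence of the new section (v35 line 34) ties invalidation of the old refresh token to the first use of the new access token or new refresh token, but it does not say what the server does before that point or when an already invalidated refresh token is presented again. Suggest stating whether the old refresh token can be used for another refresh until one of the new tokens is first used (for example after a lost response), what happens to token pairs issued by such repeated refreshes, and how the server responds to an invalidated refresh token. The paragraph also leaves "short term" unquantified and does not say whether the old access token stays valid until it expires; one sentence on each would make the requirement testable.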