Changes between Version 38 and Version 39 of API_security


Timestamp: 08/10/2012 04:37:04 PM (9 months ago)
Author: jbe
Comment:

--

  • API_security

    v38 v39  
    3838== Multiple authorizations per member for a single client == 
    3939 
    40 ''Proposal:'' When authorizing a client, the user shall see any previously issued long-term authorizations for that client, which are still active. Any previous long-term authorization shall be revoked by default, thus invalidating previously issued refresh tokens for that client, unless the user explicitly agrees to a duplicate authorization (e.g. for multiple native client on different smartphones). For manually registered clients, the behaviour regarding previously issued authorizations may be configured (field {{{code_grant_multiple}}} in table {{{api_client}}}), thus avoiding an interactive decision by the user. 
     40When authorizing a client, the user shall see any previously issued long-term authorizations for that client, which are still active. Any previous long-term authorization shall be revoked by default, thus invalidating previously issued refresh tokens for that client, unless the user explicitly agrees to a duplicate authorization (e.g. for multiple native clients on different smartphones). For manually registered clients, the behaviour regarding previously issued authorizations may be configured (field {{{code_grant_multiple}}} in table {{{api_client}}}), thus avoiding an interactive decision by the user. 
    4141 
    4242[[BR]]
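
Review bot: On the added line 40, with the ''Proposal:'' marker dropped the paragraph now reads as settled behaviour, but it still leaves the scope of revocation open: it says revoking a previous long-term authorization invalidates the refresh tokens issued for that client and is silent on access tokens already obtained through them. Suggest stating whether those remain valid until they expire or are revoked as well. The same line names the field {{{code_grant_multiple}}} in table {{{api_client}}} without saying which values it takes or what applies when it is not set; one sentence naming the default (revoke previous authorizations or allow duplicates) would let a reader tell whether a manually registered client can accumulate long-term authorizations without the user ever seeing the prompt.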