[mitreid-connect] ODIC client - refresh token question
Iván Perdomo
ivan at akvo.org
Tue May 12 04:34:55 EDT 2015
Hi,
On 05/11/2015 05:15 PM, Justin Richer wrote:
> Note that refreshing the access token does not log the user in again — it happens in the background and the user could have long since left. But if what you’re after is accessing background services when the user’s no longer present (i.e., the typical OAuth case), then this makes sense.
Thanks for your explanation. I thought that using the refresh token was
a way of checking the session, if the user was already out or not, but I
guess that is unrelated. I see that OIDC has a draft spec on session
management:
http://openid.net/specs/openid-connect-session-1_0.html
Again, thanks for your clarification.
--
Iván
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150512/fce7028e/attachment.bin
More information about the mitreid-connect
mailing list