[mitreid-connect] ODIC client - refresh token question

Iván Perdomo ivan at akvo.org
Tue May 12 04:34:55 EDT 2015


Hi,

On 05/11/2015 05:15 PM, Justin Richer wrote:
> Note that refreshing the access token does not log the user in again — it happens in the background and the user could have long since left. But if what you’re after is accessing background services when the user’s no longer present (i.e., the typical OAuth case), then this makes sense.

Thanks for your explanation. I thought that using the refresh token was
a way of checking the session, if the user was already out or not, but I
guess that is unrelated. I see that OIDC has a draft spec on session
management:
http://openid.net/specs/openid-connect-session-1_0.html

Again, thanks for your clarification.


-- 
Iván

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150512/fce7028e/attachment.bin


More information about the mitreid-connect mailing list