Refresh tokens and expiry do not need to be tied together #24

samskiter · 2014-10-30T10:51:19Z

The OAuth2 spec makes no connection between refresh tokens and expiry. It's possible to have one without the other. Specifically - section 4.4 says there SHOULD NOT be a refresh token. While it is rare that iOS applications will make use of this form of auth, I propose to relax the constraints on refresh tokens and expiry

…:expiration: as deprecated. Fixes gabrielrinaldi#24 and gabrielrinaldi@4aea793

gabrielrinaldi referenced this issue Apr 17, 2015

Allow refresh token to be nil

4aea793

ryanmaxwell pushed a commit to ryanmaxwell/GROAuth2SessionManager that referenced this issue Apr 17, 2015

decouple refreshToken and expiration properties. Mark setRefreshToken…

4aaf78d

…:expiration: as deprecated. Fixes gabrielrinaldi#24 and gabrielrinaldi@4aea793

ryanmaxwell linked a pull request Apr 17, 2015 that will close this issue

decouple refreshToken and expiration properties. #30

Open

chris-unleashed mentioned this issue Mar 1, 2016

decouple refreshToken and expiration properties. unleashedsoftware/GROAuth2SessionManager#1

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refresh tokens and expiry do not need to be tied together #24

Refresh tokens and expiry do not need to be tied together #24

samskiter commented Oct 30, 2014

Refresh tokens and expiry do not need to be tied together #24

Refresh tokens and expiry do not need to be tied together #24

Comments

samskiter commented Oct 30, 2014