OAuth2
Add refresh tokens and expiration
Access tokens need to support expiration, and refresh tokens need to be issued to clients during the regular flow.
https://tools.ietf.org/html/rfc6749#section-6
See this IETF mailing list thread for typical times; access tokens at 1 hour and refresh tokens with no expiry seems decent to me.
On the OAuth 1 plugin, I discuss making access tokens posts instead of options. See https://github.com/WP-API/OAuth1/issues/215#issuecomment-398117262 . If expiry is implemented here, it might be worth doing the same. The post created / updated dates would be extremely useful to work out when tokens were created.
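
The behaviour requested in this issue (the RFC 6749 section 6 refresh grant, with the 1-hour access token lifetime and non-expiring refresh tokens mentioned above), as an added example that is not code from the OAuth2 plugin. `TokenStore`, `InvalidGrant` and the in-memory dictionaries are hypothetical names chosen for illustration; a real store would persist the same fields.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 3600  # 1 hour, the access token lifetime suggested in the issue


class InvalidGrant(Exception):
    """Maps to the RFC 6749 section 5.2 "invalid_grant" error."""


def _digest(token):
    # Keep only a hash so a leaked token table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so expiry can be tested
        self.access = {}    # digest -> (client_id, expires_at)
        self.refresh = {}   # digest -> client_id (no expiry, revocable)

    def _new_access(self, client_id):
        token = secrets.token_urlsafe(32)
        self.access[_digest(token)] = (client_id, self.clock() + ACCESS_TTL)
        return token

    def issue(self, client_id):
        """Regular flow: issue an access token together with a refresh token."""
        refresh = secrets.token_urlsafe(32)
        self.refresh[_digest(refresh)] = client_id
        return {"access_token": self._new_access(client_id),
                "token_type": "bearer", "expires_in": ACCESS_TTL,
                "refresh_token": refresh}

    def validate(self, access_token):
        """Return the owning client id, or None if unknown or expired."""
        entry = self.access.get(_digest(access_token))
        if entry is None or self.clock() >= entry[1]:
            return None
        return entry[0]

    def refresh_grant(self, client_id, refresh_token):
        """grant_type=refresh_token: the token must be bound to this client."""
        owner = self.refresh.get(_digest(refresh_token))
        if owner is None or owner != client_id:
            raise InvalidGrant("invalid_grant")
        return {"access_token": self._new_access(client_id),
                "token_type": "bearer", "expires_in": ACCESS_TTL}

    def revoke(self, refresh_token):
        self.refresh.pop(_digest(refresh_token), None)
```

Because the refresh token never expires in this scheme, `revoke` and the client binding check in `refresh_grant` are the only controls on a stolen refresh token.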