oauth2-server issues

Results 4 oauth2-server issues

Sort by recently updated

Make the /verify endpoint accept a token instead of client creds

This would mean less evaluations of scrypt and less handling of the credentials themselves.

Refresh should not issue new refresh token unless needed

A token_refresh grant should issue a new refresh token only when the existing refresh token is due to expire before the new bearer token.

thsutton

Control over issuing refresh tokens

It should be possible to control the provision of refresh tokens. Particular policies that would likely be useful: - Include/exclude for particularly non-/sensitive scopes. - Include/exclude for particularly non-/trusty-worthy clients.

thsutton

Hackage release

Hi, have you got any plans to release oauth2-server to hackage?

alexbiehl

oauth2-server
oauth2-server copied to clipboard

Metadata

Make the /verify endpoint accept a token instead of client creds

Refresh should not issue new refresh token unless needed

Control over issuing refresh tokens

Hackage release

← Metadata

Owner

Metadata

oauth2-server oauth2-server copied to clipboard

Metadata

Make the /verify endpoint accept a token instead of client creds

Refresh should not issue new refresh token unless needed

Control over issuing refresh tokens

Hackage release

← Metadata

Owner

Metadata

oauth2-server
oauth2-server copied to clipboard