Proper OAuth2 response for token expiration?

IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

Other

410 stars 291 forks source link

Proper OAuth2 response for token expiration? #748

Closed eldiosyeldiablo closed 10 years ago

eldiosyeldiablo commented 10 years ago

I am reading the OAuth2 specification and as am reading it when the server determines that the token has expired then the response should tell the application. http://tools.ietf.org/html/rfc6749#page-49

However, I am having problems understanding/finding the proper error_description Thinktecture.IdentityModel.Client.OAuth2Constants.Errors has a number of error codes but I don't find one that matches expired token. Nor can I find it in the OAuth2 specification.

brockallen commented 10 years ago

IIRC, this is not well described.

eldiosyeldiablo commented 10 years ago

Thank you. I will implement as we deem appropriate.