search

indieweb / indieauth

IndieAuth.net website code and IndieAuth Specification
52 stars 7 forks source link

Add section about accessing protected resources #89

Closed aaronpk closed 2 years ago

aaronpk commented 2 years ago

Mainly so that we can talk about error responses for expired tokens. Referencing RFC6749 section 7.

This is particularly relevant if we are expecting more people to issue access tokens that expire along with refresh tokens. #81

dshanske commented 2 years ago

The response should be, if I read correctly, 'invalid_token'.