author | Lars Wirzenius <liw@liw.fi> | 2019-03-31 18:46:11 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2019-03-31 18:46:11 +0300 |
commit | 1215bc4bbb8654fdfc9d48cab2440d4674635b30 (patch) | |
tree | 74c05f78abcf8a5c25b29862952cdaee72b810e7 | |
parent | 05ddf6055613df102072a5c667d698dfb44bef43 (diff) | |
download | ick.liw.fi-1215bc4bbb8654fdfc9d48cab2440d4674635b30.tar.gz |
Add: note that access tokens can't be revoked
-rw-r--r-- | yuck.mdwn | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -41,7 +41,8 @@ Muck JSON store, but support for, say, LDAP can be added. ## Terminology and concepts * **access token**: a token which grants access to a service or - resource; usually short-lived, but see refresh token + resource; usually quite short-lived (maybe less than a minute), + since it can't be easily revoked, but see refresh token * **API client**: a program that uses the API, either on behalf of an end-user, or on its own behalf @@ -85,7 +86,8 @@ Muck JSON store, but support for, say, LDAP can be added. end users; see [OIDC][] * **refresh token**: a token that can be used to get a new access - token; usually long-lived, but can be revoked + token; usually long-lived, but can be revoked, since every use can + be checked by the IDP * **relying party**: software that relies on the IDP for authentication and authorization; often a resource provider, but can |
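Review bot: In the access token entry (first hunk), "maybe less than a minute" reads as a guess inside a glossary definition, and the entry says the token "can't be easily revoked" without saying why, while the refresh token entry does give its reason. Suggest dropping the parenthetical or stating the lifetime as a recommendation, and adding the matching reason in one clause, for example that use of an access token is not checked by the IDP, if that is the intended contrast. The chain of "since ..., but see ..." clauses would also read more easily split in two, e.g. "usually very short-lived, since it can't easily be revoked; see refresh token".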
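Review bot: In the refresh token entry (second hunk), "every use can be checked by the IDP" leaves open whether the check actually happens; revocation only takes effect if it does, so "is checked" would be more precise if that is the behaviour. It would also help to state the consequence for the other entry: revoking a refresh token stops new access tokens from being issued, but, going by the access token definition in this same change, does not cancel access tokens already issued, which is why their short lifetime matters.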