Include Cache-Control and Pragma headers in token exchange response example #117

Open
barnabywalters opened this issue Oct 23, 2022 · 2 comments

@barnabywalters

According to https://www.rfc-editor.org/rfc/rfc6749#section-5.1, token exchange responses MUST contain the following headers:

Cache-Control: no-store
Pragma: no-cache

Consider adding these to https://indieauth.spec.indieweb.org/#example-12 to make it more likely that people implementing IndieAuth servers based purely on the IndieAuth spec include them.

@sknebel

sknebel commented Oct 23, 2022

good idea, definitely do that IMHO

@barnabywalters

Looks like it might be better to reduce this to only Cache-Control: no-store, as while Pragma is required for OAuth 2.0, it’s dropped in 2.1 due to its behaviour being undefined (Taproot/indieauth#22).
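
An added example, not part of the issue thread or the IndieAuth spec: a small check that a token endpoint response carries `Cache-Control: no-store`, with the `Pragma: no-cache` check optional to match the OAuth 2.0 versus 2.1 difference noted above. The function names and the two sample responses are constructed for illustration.

```python
# Added example; helper names are hypothetical and the responses are constructed.
GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
        "cache-control: private, No-Store\r\n\r\n"
        '{"access_token": "CONSTRUCTED", "token_type": "Bearer"}')
# no-cache is not no-store: the response may still be written to a cache.
BAD = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
       "Cache-Control: no-cache, max-age=0\r\n\r\n"
       '{"access_token": "CONSTRUCTED", "note": "Cache-Control: no-store"}')


def parse_headers(raw_response):
    """Return (lowercased name, value) pairs from the header section only."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def cache_directives(pairs):
    """Collect Cache-Control directive names across all header lines."""
    directives = set()
    for name, value in pairs:
        if name == "cache-control":
            for part in value.split(","):
                token = part.strip().split("=", 1)[0].lower()
                if token:
                    directives.add(token)
    return directives


def audit_token_response(raw_response, require_pragma=False):
    """Return a list of findings; an empty list means the response passes."""
    pairs = parse_headers(raw_response)
    findings = []
    if "no-store" not in cache_directives(pairs):
        findings.append("missing Cache-Control: no-store")
    if require_pragma:  # RFC 6749 section 5.1 also asks for Pragma: no-cache
        pragma = {t.strip().lower() for n, v in pairs if n == "pragma"
                  for t in v.split(",")}
        if "no-cache" not in pragma:
            findings.append("missing Pragma: no-cache")
    return findings


if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("bad", BAD)):
        print(label, audit_token_response(raw) or "ok")
```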
