Here’s draft 1 of the OAuth Session extension which was discussed at the OAuth Summit.

This extension allows SPs to issue Access Tokens that can expire during the duration that the consumer is authorized, and defines a workflow for consumers to automatically refresh their Access Tokens. Additionally, this extension defines a mechanism for Consumers to request access to additional Protected Resources offered by the same Service Provider after being initially authorized.

We also added a interface for Consumers to tell the SP to invalidate its credentials.

Feedback and comments would be appreciated.

If you’re interested in providing feedback, please join the list and let your thoughts be known before this moves into subsequent drafts towards the final version!