Would that be needed? Generally with OAuth2 a 401 would indicate there is some issue with the token and to either refresh a refresh token (if one was issued) or to request the user re-authorise the application.
Unless we're recommending the use of a refresh token, I'm not sure if we'd need clients to keep an eye on the expires_in from the initial issue, or calls to introspect on the token endpoint
by 
Jamie Tanna
.
This post was filed under replies.
Interactions with this post
Interactions with this post
Below you can find the interactions that this page has had using WebMention.
Have you written a response to this post? Let me know the URL:
Do you not have a website set up with WebMention capabilities? You can use Comment Parade.