~fkooman/vpn-documentation

13ed958d65981a2744683ffbffae1c0d2c51e36d — François Kooman a month ago b64a44d
make clear that "the only difference" now refers only to OAuth
1 files changed, 5 insertions(+), 4 deletions(-)

M API_V3.md
M API_V3.md => API_V3.md +5 -4
@@ 28,10 28,11 @@ The VPN servers provide an API protected with
in draft. If the application implemented the [APIv2](API.md), it will also
work as-is with APIv3. 

The _only_ difference between APIv2 and APIv3 is that refresh tokens are now 
single use. When using a refresh token, the response includes also a _new_ 
refresh token. Should a refresh token be used multiple times, the whole 
authorization is revoked and the client will need to reauthorize.
The _only_ difference in the OAuth implementation between APIv2 and APIv3 is 
that refresh tokens are now single use. When using a refresh token, the 
response includes also a _new_ refresh token. Should a refresh token be used 
multiple times, the whole authorization is revoked and the client will need to 
reauthorize.

After some rudimentary tests, it seems all existing eduVPN/Let's Connect! 
clients are handling this properly.