[Openid-specs-fapi] Issue #349: authorization code replay (openid/fapi)

dgtonge issues-reply at bitbucket.org
Wed Nov 25 13:17:33 UTC 2020

New issue 349: authorization code replay

Dave Tonge:

FAPI 2.0 has this: “shall verify, if possible, that the authorization code (section 1.3.1 of [@!RFC6749]) has not been previously used”

FAPI 1.0 has this: “shall reject an authorization code (section 1.3.1 of RFC6749) if it has been previously used;”

Why can’t we keep it the same?

