[Openid-specs-fapi] Issue #349: authorization code replay (openid/fapi)

dgtonge issues-reply at bitbucket.org
Wed Nov 25 13:17:33 UTC 2020


New issue 349: authorization code replay
https://bitbucket.org/openid/fapi/issues/349/authorization-code-replay

Dave Tonge:

FAPI 2.0 has this: “shall verify, if possible, that the authorization code (section 1.3.1 of [@!RFC6749]) has not been previously used”

FAPI 1.0 has this: “shall reject an authorization code (section 1.3.1 of RFC6749) if it has been previously used;”

Why can’t we keep it the same?




