[Openid-specs-fapi] Issue #349: authorization code replay (openid/fapi)
dgtonge
issues-reply at bitbucket.org
Wed Nov 25 13:17:33 UTC 2020
New issue 349: authorization code replay
https://bitbucket.org/openid/fapi/issues/349/authorization-code-replay
Dave Tonge:
FAPI 2.0 has this: “shall verify, if possible, that the authorization code (section 1.3.1 of [@!RFC6749]) has not been previously used”
FAPI 1.0 has this: “shall reject an authorization code (section 1.3.1 of RFC6749) if it has been previously used;”
Why can’t we keep it the same?