[Openid-specs-ab] Issue #39: Trying to use access code twice should result in an error (OP-I-01) - relax test success criteria (openid/certification)
Michael Jones
issues-reply at bitbucket.org
Wed Jan 28 03:28:04 UTC 2015
New issue 39: Trying to use access code twice should result in an error (OP-I-01) - relax test success criteria
https://bitbucket.org/openid/certification/issue/39/trying-to-use-access-code-twice-should
Michael Jones:
The working group discussed this test during the 26-Jan-15 working group call and decided that for some kinds of implementations, this may be too hard to enforce for servers - particularly distributed implementations. Two alternatives were considered:
- Make allowing immediate reuse a warning condition rather than an error
- Insert a time delay of 30 seconds between the first use and the second use and only say that it's an error if reuse is still permitted by the implementation after 30 seconds have elapsed
Please update the test code to do one or the other of these things.
Responsible: Rohe
More information about the Openid-specs-ab
mailing list