[Openid-specs-ab] UserInfo endpoint: How to respond on invalid / deleted user?
vladimir at connect2id.com
Tue Mar 17 12:53:11 UTC 2020
Suggestions how to respond when the UserInfo is called with a valid
access token, but the subject has been deleted or invalidated after the
original authZ / token refresh?
The current Core spec addresses only the bearer token error cases:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4007 bytes
Desc: S/MIME Cryptographic Signature
More information about the Openid-specs-ab