[Openid-specs-fapi] JARM: Recommended value for lifetime of authorization response JWT

Torsten Lodderstedt torsten at lodderstedt.net
Tue Sep 25 17:50:40 UTC 2018


https://bitbucket.org/openid/fapi/pull-requests/78/added-lifetime-recommendation-similar-to/diff

> On 24.09.2018 at 14:41, Torsten Lodderstedt via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> 
> Hi Takahiko,
> 
> using the same default as for authz codes seems reasonable to me. I will add a recommendation. 
> 
> kind regards,
> Torsten. 
> 
>> On 23.09.2018 at 06:16, Takahiko Kawasaki via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
>> 
>> Hi,
>> 
>> Do you have any recommended value for lifetime of authorization response JWT like the authorization code in RFC 6749?
>> 
>> From RFC 6749, 4.1.2. Authorization Response
>> 
>> code
>>     REQUIRED.  The authorization code generated by the
>>     authorization server.  The authorization code MUST expire
>>     shortly after it is issued to mitigate the risk of leaks.  A
>>     maximum authorization code lifetime of 10 minutes is
>>     RECOMMENDED.  The client MUST NOT use the authorization code
>>     more than once.  If an authorization code is used more than
>>     once, the authorization server MUST deny the request and SHOULD
>>     revoke (when possible) all tokens previously issued based on
>>     that authorization code.  The authorization code is bound to
>>     the client identifier and redirection URI.
>> 
>> If you have, it would be great if it is mentioned in the specification.
>> 
>> Best Regards,
>> Takahiko Kawasaki
>> Authlete, Inc.
>> 
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
> 
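As an added illustration of the lifetime rule discussed in this thread (this is example code written for this archive page, not code from the thread, from Authlete, or from the FAPI/JARM specification), the Python below shows an authorization server issuing a JARM authorization response JWT with the same 10-minute maximum that RFC 6749 4.1.2 recommends for authorization codes, and a client validating it: signature, issuer, audience, state, expiry, and additionally the lifetime the AS actually granted. HS256 with a shared secret is used only to keep the example self-contained; FAPI requires asymmetric signatures (PS256/ES256) for JARM. The issuer, client_id, secret, the constructed code/state values and the 30-second clock-skew allowance are assumptions, and the `iat` claim is included so the client can measure the granted lifetime; JARM itself only requires `iss`, `aud` and `exp`.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Upper bound discussed in the thread: the same 10-minute maximum that
# RFC 6749 4.1.2 recommends for authorization codes.
MAX_LIFETIME_SECONDS = 600
# Assumed tolerance for clock drift between AS and client (not from the spec).
CLOCK_SKEW_SECONDS = 30


class JarmValidationError(Exception):
    """Raised when a JARM response JWT must be rejected."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jarm_response(secret: bytes, issuer: str, client_id: str, code: str,
                        state: str, now: Optional[int] = None,
                        lifetime: int = MAX_LIFETIME_SECONDS) -> str:
    """Authorization-server side: wrap the authorization response in a JWT.

    HS256 with a shared secret is an example simplification only; FAPI
    requires asymmetric signatures (PS256/ES256) for JARM.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # iss/aud/exp are the claims JARM requires; iat is added so the client can
    # check how long the AS granted, not only whether that time has passed.
    payload = {"iss": issuer, "aud": client_id, "iat": now, "exp": now + lifetime,
               "code": code, "state": state}
    compact = lambda obj: _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(payload)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_jarm_response(token: str, secret: bytes, expected_issuer: str,
                           client_id: str, expected_state: str,
                           now: Optional[int] = None) -> dict:
    """Client side: verify signature, issuer, audience, state and lifetime.

    Returns the decoded claims (including the authorization code) on success.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise JarmValidationError("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose (rejects alg=none and friends).
    if header.get("alg") != "HS256":
        raise JarmValidationError("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise JarmValidationError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != expected_issuer:
        raise JarmValidationError("wrong issuer")
    aud = claims.get("aud")
    if aud != client_id and not (isinstance(aud, list) and client_id in aud):
        raise JarmValidationError("token not addressed to this client")
    if "error" in claims:
        raise JarmValidationError(f"authorization error: {claims['error']}")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now > exp + CLOCK_SKEW_SECONDS:
        raise JarmValidationError("response JWT expired")
    iat = claims.get("iat")
    if isinstance(iat, int):
        if iat > now + CLOCK_SKEW_SECONDS:
            raise JarmValidationError("response JWT issued in the future")
        # Reject a response the AS left valid for longer than the recommended
        # maximum, even if it has not expired yet.
        if exp - iat > MAX_LIFETIME_SECONDS:
            raise JarmValidationError("granted lifetime exceeds the 10-minute maximum")
    if claims.get("state") != expected_state:
        raise JarmValidationError("state mismatch")
    return claims
```

The single-use requirement quoted from RFC 6749 applies to the authorization code carried inside the JWT and is enforced by the AS at the token endpoint, so it is not modelled on the client side here; the lifetime check bounds how long a leaked response JWT stays usable, which is the point of the recommendation.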
