[Openid-specs-fapi] JARM: Recommended value for lifetime of authorization response JWT
Torsten Lodderstedt
torsten at lodderstedt.net
Tue Sep 25 17:50:40 UTC 2018
https://bitbucket.org/openid/fapi/pull-requests/78/added-lifetime-recommendation-similar-to/diff
> On 24.09.2018 at 14:41, Torsten Lodderstedt via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
>
> Hi Takahiko,
>
> using the same default as for authz codes seems reasonable to me. I will add a recommendation.
>
> kind regards,
> Torsten.
>
>> On 23.09.2018 at 06:16, Takahiko Kawasaki via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
>>
>> Hi,
>>
>> Do you have any recommended value for the lifetime of the authorization response JWT, like the one for the authorization code in RFC 6749?
>>
>> From RFC 6749, 4.1.2. Authorization Response
>>
>> code
>> REQUIRED. The authorization code generated by the
>> authorization server. The authorization code MUST expire
>> shortly after it is issued to mitigate the risk of leaks. A
>> maximum authorization code lifetime of 10 minutes is
>> RECOMMENDED. The client MUST NOT use the authorization code
>> more than once. If an authorization code is used more than
>> once, the authorization server MUST deny the request and SHOULD
>> revoke (when possible) all tokens previously issued based on
>> that authorization code. The authorization code is bound to
>> the client identifier and redirection URI.
>>
>> If you have one, it would be great if it were mentioned in the specification.
>>
>> Best Regards,
>> Takahiko Kawasaki
>> Authlete, Inc.
>>
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
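The authorization code rules quoted from RFC 6749 in this thread (10-minute maximum lifetime, single use, revocation on reuse, binding to client identifier and redirection URI), as an added example that is not part of the original messages. The class, method and field names are hypothetical, and the store is in-memory only.

```python
import secrets
import time

MAX_CODE_LIFETIME = 600  # seconds: the 10-minute maximum RECOMMENDED by RFC 6749


class AuthorizationCodeStore:
    """Hypothetical in-memory store; names are illustrative, not a library API."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested
        self._codes = {}             # code -> record
        self.revoked_tokens = set()  # tokens revoked after a code replay

    def issue(self, client_id, redirect_uri):
        code = secrets.token_urlsafe(32)
        self._codes[code] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "expires_at": self._clock() + MAX_CODE_LIFETIME,
            "used": False,
            "tokens": [],
        }
        return code

    def redeem(self, code, client_id, redirect_uri):
        """Return an access token, or raise ValueError to deny the request."""
        rec = self._codes.get(code)
        if rec is None:
            raise ValueError("unknown code")
        if rec["used"]:
            # Replay: deny, and revoke all tokens previously issued from this code.
            self.revoked_tokens.update(rec["tokens"])
            raise ValueError("code already used")
        if self._clock() >= rec["expires_at"]:
            raise ValueError("code expired")
        # The code is bound to the client identifier and redirection URI.
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            raise ValueError("client or redirect_uri mismatch")
        rec["used"] = True
        token = secrets.token_urlsafe(32)
        rec["tokens"].append(token)
        return token
```
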