[Openid-specs-fapi] Issue #349: authorization code replay (openid/fapi)
issues-reply at bitbucket.org
Wed Nov 25 13:17:33 UTC 2020
New issue 349: authorization code replay
FAPI 2.0 has this: “shall verify, if possible, that the authorization code (section 1.3.1 of [@!RFC6749]) has not been previously used”
FAPI 1.0 has this: “shall reject an authorization code (section 1.3.1 of RFC6749) if it has been previously used;”
Why can’t we keep it the same?