[Openid-specs-fapi] Issue #378: sharing grant_id among different clients (openid/fapi)
issues-reply at bitbucket.org
Thu Feb 18 14:44:30 UTC 2021
New issue 378: sharing grant_id among different clients
The draft dare state that `grant_id` may be shared among different clients, but I'm concerned about the idea. If it is allowed, an entity can collect a big set of permissions by releasing many client applications even if the number of permissions requested by each of the client applications may be small.
More information about the Openid-specs-fapi