[Openid-specs-fapi] Issue #379: lifetime of grant_id (openid/fapi)

Takahiko Kawasaki issues-reply at bitbucket.org
Thu Feb 18 14:45:51 UTC 2021

New issue 379: lifetime of grant_id

Takahiko Kawasaki:

>From an implementer's point of view, it is a big point whether the lifetime of `grant_id` expires or not. If `grant_id` should not be invalidated even after all access/refresh tokens associated with the `grant_id` expire, maintaining `grant_id` records would become a hard task for authorization server implementations. It's because there is no timing for authorization server implementations to delete `grant_id` records and garbage `grant_id` records continue to be accumulated endlessly.

More information about the Openid-specs-fapi mailing list