[Openid-specs-fapi] Issue #546: lower limit on request_uri lifetime in FAPI2 may be too short (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Tue Oct 11 09:01:11 UTC 2022
New issue 546: lower limit on request_uri lifetime in FAPI2 may be too short
https://bitbucket.org/openid/fapi/issues/546/lower-limit-on-request_uri-lifetime-in
Joseph Heenan:
FAPI2SP says:
> shall issue pushed authorization requests `request_uri` with `expires_in` values of between 5 and 600 seconds.
I’m dubious about the 5 seconds here. It seems short enough that it’s going to result in authorization redirects failing on devices with workable-but-not-ideal mobile network connections. I think it may also be possible that on some older Android devices user interaction is required to select an app/browser in some cases.