[Openid-specs-fapi] Issue #755: Some FAPI2SP clauses about the authorization code flow are in the wrong section (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Wed Sep 24 09:54:10 UTC 2025
New issue 755: Some FAPI2SP clauses about the authorization code flow are in the wrong section
https://bitbucket.org/openid/fapi/issues/755/some-fapi2sp-clauses-about-the
Joseph Heenan:
I think we discussed this in the context of [https://bitbucket.org/openid/fapi/issues/752/request-for-a-tailored-fapi-20-conformance](https://bitbucket.org/openid/fapi/issues/752/request-for-a-tailored-fapi-20-conformance) already, but I couldn’t find a dedicated issue:
Some of the clauses in FAPI2SP look like they’re in the wrong place. In particular:
* shall issue authorization codes with a maximum lifetime of 60 seconds;
* if using DPoP, shall support "Authorization Code Binding to DPoP Key" (as required by Section 10.1 of [[RFC9449](https://openid.bitbucket.io/fapi/fapi-security-profile-2_0.html#RFC9449)]);
are in the ‘general requirements’ instead of ‘authorization endpoint’ section.