[Openid-specs-mobile-profile] Issue #171: Add clarification if auth_req_id should be treated one time use or not (openid/mobile)

jeps issues-reply at bitbucket.org
Tue Dec 10 15:35:09 UTC 2019


New issue 171: Add clarification if auth_req_id should be treated one time use or not
https://bitbucket.org/openid/mobile/issues/171/add-clarification-if-auth_req_id-should-be

Petteri Stenius:

When there is a successful token response to a token request using ciba grant type, does the auth\_req\_id value expire immediately \(one time use\) or is the client allowed to use the same auth\_req\_id value again until it expires because of timeout?




More information about the Openid-specs-mobile-profile mailing list