[Openid-specs-mobile-profile] Issue #171: Add clarification if auth_req_id should be treated one time use or not (openid/mobile)
jeps
issues-reply at bitbucket.org
Tue Dec 10 15:35:09 UTC 2019
New issue 171: Add clarification if auth_req_id should be treated one time use or not
https://bitbucket.org/openid/mobile/issues/171/add-clarification-if-auth_req_id-should-be
Petteri Stenius:
When there is a successful token response to a token request using ciba grant type, does the auth\_req\_id value expire immediately \(one time use\) or is the client allowed to use the same auth\_req\_id value again until it expires because of timeout?
More information about the Openid-specs-mobile-profile
mailing list