BK Comments 5.2.1
Section 5.2.1
It is possible for the Request Object to include values that are to
be revealed only to the Authorization Server. As such, the
"request_uri" MUST have appropriate entropy for its lifetime. For
the guidance, refer to 5.1.4.2.2 of [RFC6819]. It is RECOMMENDED
that it be removed after a reasonable timeout unless access control
measures are taken.
It sounds like a link to https://www.w3.org/TR/capability-urls/ might also be useful.
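The entropy and timeout requirements quoted above, as an added example that is not part of the original issue or the draft: a minimal host for Request Objects that mints each "request_uri" from the OS CSPRNG and stops serving it once its lifetime ends. The class name, base URL, 256-bit handle size and 300-second lifetime are assumptions chosen for illustration.

```python
import secrets
import time

# Assumed values: the quoted text only asks for "appropriate entropy" and a
# "reasonable timeout". RFC 6819 section 5.1.4.2.2 recommends at least
# 128 bits from a cryptographically strong source for such secrets.
ENTROPY_BYTES = 32                              # 256 bits
LIFETIME_SECONDS = 300                          # constructed timeout
BASE = "https://client.example.org/request/"    # hypothetical host


class RequestObjectStore:
    """Serves Request Objects under unguessable, short-lived request_uri values."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._items = {}  # handle -> (expires_at, request_object_jwt)

    def publish(self, request_object_jwt, lifetime=LIFETIME_SECONDS):
        # The handle is the only thing protecting the object, so it must
        # stay unguessable for as long as the URI is live.
        handle = secrets.token_urlsafe(ENTROPY_BYTES)
        self._items[handle] = (self._clock() + lifetime, request_object_jwt)
        return BASE + handle

    def fetch(self, request_uri):
        """Return the stored object, or None if unknown or expired."""
        if not request_uri.startswith(BASE):
            return None
        handle = request_uri[len(BASE):]
        entry = self._items.get(handle)
        if entry is None:
            return None
        expires_at, request_object_jwt = entry
        if self._clock() >= expires_at:
            del self._items[handle]     # removed after the timeout
            return None
        return request_object_jwt

    def purge_expired(self):
        """Drop every expired entry; returns how many were removed."""
        now = self._clock()
        dead = [h for h, (exp, _) in self._items.items() if now >= exp]
        for h in dead:
            del self._items[h]
        return len(dead)
```

Running `purge_expired()` on a schedule removes objects that are never fetched again, so expiry does not depend on a later request arriving.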
Comments (5)
- reporter changed status to resolved
  Merged in edmund_jay/oauth-jwsreq/BK_comments_5.2.1 (pull request #15)
  Fixes #103 - BK Comments 5.2.1
  Approved-by: Nat Sakimura sakimura@gmail.com
  → <<cset 8bd41c318bd8>>
- reporter
  Fixes #103 - BK Comments 5.2.1
  → <<cset 35f2b49e7917>>
Issue #88 was marked as a duplicate of this issue.