openid / connect / issues / #735 - 2.2.1. Client Register Operation Response: default expires_at value? — Bitbucket

Issue #735 resolved

Vladimir Dzhuvinov created an issue 2013-01-29

If a client_secret is returned but the expires_at parameter is omitted in the response, what expiration should the client assume?

Should we define a default value of zero (no-expiration) for this case?

Or should we require the expires_at parameter to be present when a client_secret is returned?

Comments (5)

Former user Account Deleted
If it's not included, the client can't assume anything about the expiration of the client_secret.
- 2013-01-30T19:32:46+00:00
Michael Jones
- assigned issue to
  
  Michael Jones
We decided to always require expires_at when a client secret is returned.
- 2013-01-31T15:48:21+00:00
Vladimir Dzhuvinov reporter
Thanks,

vladimir
- 2013-01-31T15:58:21+00:00
Michael Jones
- changed status to resolved
Fixed ~~#735~~ - Require expires_at value in Client Register response

→ <<cset a846b53cada8>>
- 2013-02-01T02:12:40+00:00
Michael Jones
Fixed ~~#735~~ - Require "client_secret_expires_at" if "client_secret" is issued.

→ <<cset e941bdd31df5>>
- 2013-05-24T20:59:25+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: major

Status: resolved

Component: Registration

Milestone: Implementer's Draft

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!