2.2.1. Client Register Operation Response: default expires_at value?
Issue #735
resolved
If a client_secret is returned but the expires_at parameter is omitted in the response, what expiration should the client assume?
Should we define a default value of zero (no-expiration) for this case?
Or should we require the expires_at parameter to be present when a client_secret is returned?
Comments (5)
-
Account Deleted -
-
assigned issue to
We decided to always require expires_at when a client secret is returned.
-
assigned issue to
-
reporter Thanks,
vladimir
-
- changed status to resolved
Fixed
#735- Require expires_at value in Client Register response→ <<cset a846b53cada8>>
-
Fixed
#735- Require "client_secret_expires_at" if "client_secret" is issued.→ <<cset e941bdd31df5>>
- Log in to comment
If it's not included, the client can't assume anything about the expiration of the client_secret.