openid / connect / issues / #737 - 2.2.2. Rotate Secret Operation Response: registration_access_token — Bitbucket

Issue #737 resolved

Vladimir Dzhuvinov created an issue 2013-01-29

Is the OP permitted or even expected to issue a new registration_access_token on a rotate_secret operation?

If true, shouldn't we be more explicit on that?

Comments (4)

Brian Campbell
2.2.2. Rotate Secret Operation Response says that the registration_access_token is REQUIRED to be returned. Which seems pretty explicit, no?

http://openid.net/specs/openid-connect-registration-1_0-14.html#RotateSecretResponse
- 2013-01-29T14:03:27+00:00
Vladimir Dzhuvinov reporter
Hi Brian,

I was actually wondering, if the "rotate_secret" op is about updating the client_secret, why would then the call also result in a new registration_access_token being issued?

Vladimir
- 2013-01-29T14:58:02+00:00
Former user Account Deleted
The intent is that you would get a new registration_access_token from the rotation, and it's required to be returned whether or not its value actually changes.
- 2013-01-30T15:33:46+00:00
Michael Jones
- changed status to resolved
No change required
- 2013-01-31T03:14:30+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Component: Registration

Milestone: Implementer's Draft

Version: –

Votes: 0

Watchers: 0

Jira Software: the preferred issue tracker for Bitbucket. Join the team!