-
assigned issue to
- changed status to open
Standard 2.3.1.3.3 - Questions about requiring a unique Request File URL for each request
Issue #351
resolved
The spec says "Note that the RP SHOULD use a unique URI for each request, or otherwise prevent the Authorization Server from caching the request_uri."
Yaron Goland wrote: Huh? If the client can upload a file then it can surely upload a POST in which case the whole point of the Request File feature is meaningless. I’m missing something.
Also, why must the request file be unique per request?
Comments (2)
-
-
reporter - changed status to resolved
Fix
#351Standard 2.3.1.3.3 - Questions about requiring a unique Request File URL for each request - Log in to comment
distinct request