-
assigned issue to
authorization code replay
Issue #349
resolved
FAPI 2.0 has this: “shall verify, if possible, that the authorization code (section 1.3.1 of [@!RFC6749]) has not been previously used”
FAPI 1.0 has this: “shall reject an authorization code (section 1.3.1 of RFC6749) if it has been previously used;”
Why can’t we keep it the same?
Comments (4)
-
-
We talked about this on today’s call and I believe agreed to use the text from FAPI 1.0.
-
- changed status to resolved
Fix Issue
#349→ <<cset 94d45dd8fe34>>
-
- changed component to FAPI2: Security Profile
- Log in to comment