openid / fapi / issues / #349 - authorization code replay — Bitbucket

Issue #349 resolved

Dave Tonge created an issue 2020-11-25

FAPI 2.0 has this: “shall verify, if possible, that the authorization code (section 1.3.1 of [@!RFC6749]) has not been previously used”

FAPI 1.0 has this: “shall reject an authorization code (section 1.3.1 of RFC6749) if it has been previously used;”

Why can’t we keep it the same?

‌

Comments (4)

Daniel Fett
- assigned issue to
  
  Daniel Fett
- 2020-11-25T14:06:40+00:00
Joseph Heenan
We talked about this on today’s call and I believe agreed to use the text from FAPI 1.0.
- 2020-11-25T14:48:23+00:00
Daniel Fett
- changed status to resolved
Fix Issue ~~#349~~

→ <<cset 94d45dd8fe34>>
- 2021-01-06T13:13:47+00:00
Nat Sakimura
- changed component to FAPI2: Security Profile
- 2022-12-14T15:35:23+00:00
Log in to comment

Assignee: Daniel Fett

Type: bug

Priority: major

Status: resolved

Component: FAPI2: Security Profile

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!