Incorrect reference in note2

Issue #676 resolved
Ralph Bragg created an issue

NOTE 2: Refresh token rotation is an optional feature defined in Section 6 of [@!RFC6749] where the authorization server issues a new refresh token to the client as part of the refresh_token grant. This specification discourages the use of this feature as it does not bring any security benefits for confidential clients, and can cause significant operational issues. However, to allow for operational agility, authorization servers may implement it providing they meet the requirement in Clause 9.

Wrong Reference, should be clause 10.

  1. shall not use refresh token rotation unless, in the case a response with a new refresh token is not received and stored by the client, retrying the request (with the previous refresh token) will succeed;
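One way an authorization server could meet the requirement quoted above, shown as an added example that is not taken from the issue or the specification. The class name, the in-memory storage, and the choice to return the same successor token on a retry are assumptions made for illustration.

```python
import secrets


class InvalidGrant(Exception):
    """Maps to the OAuth 2.0 `invalid_grant` error response."""


class RotatingRefreshTokens:
    """In-memory sketch: each grant keeps its current token and the one before it."""

    def __init__(self):
        self._grants = {}  # grant_id -> {"current": token, "previous": token or None}
        self._index = {}   # refresh token -> grant_id (only live tokens are indexed)

    def issue(self, grant_id):
        token = secrets.token_urlsafe(32)
        self._grants[grant_id] = {"current": token, "previous": None}
        self._index[token] = grant_id
        return token

    def refresh(self, presented):
        grant_id = self._index.get(presented)
        if grant_id is None:
            raise InvalidGrant("unknown or retired refresh token")
        grant = self._grants[grant_id]

        if presented == grant["previous"]:
            # The client never stored the rotated token (lost response, crash).
            # The retry with the previous token succeeds and returns the same
            # successor, so repeated retries do not fork the token chain.
            return grant["current"]

        # presented == grant["current"]: the client has shown it stored this
        # token, so the token before it can now be retired.
        if grant["previous"] is not None:
            del self._index[grant["previous"]]
        new_token = secrets.token_urlsafe(32)
        grant["previous"], grant["current"] = presented, new_token
        self._index[new_token] = grant_id
        return new_token
```

The previous token is retired only once the client presents its successor, which is the first point at which the server knows the rotated token was received and stored.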

Comments (3)

  1. Nat Sakimura

    Merged in Ralph-Bragg/update-clause-reference-in-note2-should--1708723672458 (pull request #473)

    Fixes #676 Update clause reference in Note2, should refer to clause 10 instead of clause 9.

    Approved-by: Dima Postnikov
    Approved-by: Dave Tonge
    Approved-by: Joseph Heenan
    Approved-by: Nat Sakimura

    → <<cset 5987d3a4f981>>
