FAPI-R: Clarify authorization code reuse requirements
Joseph Heenan
Branch: josephheenan/fapi:part1-auth-code-reuse
Branch: openid/fapi:master
Merged
Merged pull request
Merged in josephheenan/fapi/part1-auth-code-reuse (pull request #113)
The OpenID Connect and OAuth2 specifications in places use unclear language when
talking about reuse of authorization codes.
This text attempts to state a clear position. The position chosen is
that already documented in one section of RFC6749 4.1.2:
In some ways it is not necessary to repeat this as it is already
in RFC6749; however, the clause is often missed and OIDCC adds
confusion by adding 'if possible'.
closes #86