Max age

Issue #16 closed

Torsten Lodderstedt created an issue 2015-06-07

No description provided.

Comments (4)

Torsten Lodderstedt reporter
- marked as trivial
- 2015-06-16T08:52:46+00:00
Jörg Connotte
Any recommendations about the usage of max_age will be specified in the Mobile Connect Profile 1.2. What is left to do here?
- 2015-09-23T08:17:49+00:00
Jörg Connotte
This is a difficult topic in the context of multi-factor and risk-based authentication. A 2nd factor (reauthentication) use case is better addressed using prompt=login together with acr_values. The discussion of max_age will be brought to the OpenID Connect community
- 2015-09-23T15:47:23+00:00
Jörg Connotte
- changed status to closed
This issue didn't come up again, so I close it for now.
- 2017-06-13T09:05:22+00:00
Log in to comment