- marked as trivial
Max age
Issue #16
closed
No description provided.
Comments (4)
-
reporter -
Any recommendations about the usage of max_age will be specified in the Mobile Connect Profile 1.2. What is left to do here?
-
This is a difficult topic in the context of multi-factor and risk-based authentication. A 2nd factor (reauthentication) use case is better addressed using prompt=login together with acr_values. The discussion of max_age will be brought to the OpenID Connect community
-
- changed status to closed
This issue didn't come up again, so I close it for now.
- Log in to comment