Max age

Issue #16 closed
Torsten Lodderstedt created an issue

No description provided.

Comments (4)

  1. Jörg Connotte

    Any recommendations about the usage of max_age will be specified in the Mobile Connect Profile 1.2. What is left to do here?

  2. Jörg Connotte

    This is a difficult topic in the context of multi-factor and risk-based authentication. A 2nd factor (reauthentication) use case is better addressed using prompt=login together with acr_values. The discussion of max_age will be brought to the OpenID Connect community

  3. Log in to comment