
Access token revocation on code reuse attempt

Open tekul opened this issue 10 years ago • 0 comments

OP-OAuth-2nd-Revokes requires that using an authorization code twice revokes access tokens.

See also 10.5 of RFC6749

The requirement is only for access tokens based on the code itself, but this won't be possible for JWT tokens which aren't cached at the OP. The code would also have to be stored with the token.

tekul, Mar 26 '15 14:03
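The point raised in the issue, as an added example that is not part of the original post and not broch's code: for self-contained tokens the OP keeps nothing it could delete, so the token has to carry a reference to its authorization code, and validation has to consult a list of codes that were replayed. The `Provider` class, its method names, and the HMAC-signed string standing in for a JWT are assumptions made for the sketch; client binding and code expiry are left out.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed signing key for this example


class InvalidGrant(Exception):
    """Token endpoint refusal (maps to the invalid_grant error)."""


def _code_id(code):
    # Keep and embed a hash of the code, never the raw code itself.
    return hashlib.sha256(code.encode()).hexdigest()[:16]


class Provider:
    def __init__(self):
        self.codes = {}       # code_id -> True once the code has been redeemed
        self.revoked = set()  # code_ids whose tokens must now be rejected

    def issue_code(self):
        code = secrets.token_urlsafe(16)
        self.codes[_code_id(code)] = False
        return code

    def redeem(self, code):
        cid = _code_id(code)
        if cid not in self.codes:
            raise InvalidGrant("unknown code")
        if self.codes[cid]:
            # Second presentation (RFC 6749 section 10.5): revoke every
            # token previously issued from this code, then refuse.
            self.revoked.add(cid)
            raise InvalidGrant("authorization code reused")
        self.codes[cid] = True
        # The token carries the code reference, as a JWT claim would.
        return self._sign(cid + "." + secrets.token_hex(8))

    def _sign(self, payload):
        mac = hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()
        return payload + "." + mac

    def is_active(self, token):
        payload, _, _mac = token.rpartition(".")
        if not hmac.compare_digest(self._sign(payload).encode(), token.encode()):
            return False
        # A valid signature is not enough: check the replayed-code list.
        return payload.split(".")[0] not in self.revoked
```

Revocation only takes effect where tokens are checked against `revoked`, so a resource server that verifies the signature locally and never asks the OP will keep accepting the token until it expires.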