You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OP-OAuth-2nd-Revokes requires that using an authorization code twice revokes access tokens.
See also 10.5 of RFC6749
The requirement is only for access tokens based on the code itself, but this won't be possible for JWT tokens which aren't cached at the OP. The code would also have to be stored with the token.
The text was updated successfully, but these errors were encountered:
OP-OAuth-2nd-Revokes requires that using an authorization code twice revokes access tokens.
See also 10.5 of RFC6749
The requirement is only for access tokens based on the code itself, but this won't be possible for JWT tokens which aren't cached at the OP. The code would also have to be stored with the token.
The text was updated successfully, but these errors were encountered: