You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a new registration is returned from the registration_endpoint, it contains a non-zero value in client_secret_expires_at. This indicates that after this time, the secret should not be valid but it is not true. The validity of secret is not checked anywhere during the processing of the requests.
According to specifications, this should return 0 in client_secret_expires_at.
But I think it would be more useful to add the checking of the client_secret validity to the code as well as a configuration option for the validity itself.
The text was updated successfully, but these errors were encountered:
When a new registration is returned from the
registration_endpoint
, it contains a non-zero value inclient_secret_expires_at
. This indicates that after this time, the secret should not be valid but it is not true. The validity of secret is not checked anywhere during the processing of the requests.According to specifications, this should return
0
inclient_secret_expires_at
.But I think it would be more useful to add the checking of the
client_secret
validity to the code as well as a configuration option for the validity itself.The text was updated successfully, but these errors were encountered: