Review access token rotation following previous work on PR129 - Continuation Request
Could race conditions occur if the AS rotates its token?
Should it be allowed to rotate?
We should discuss the potential race condition upon any token rotation, and have an allowance for accepting the old token during a short interim window to account for this kind of race condition. The rotation request needs to be idempotent: a repeated rotation request needs to return the same information and not do another rotation.
See more discussion at https://mailarchive.ietf.org/arch/msg/txauth/MW3v-G1tbVFMsLXZFLP2RUMs-ds/
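The behaviour proposed in the discussion above (the old token still accepted for a short interim window, and a repeated rotation request returning the same information instead of rotating again), sketched as an added example; it is not code from the GNAP specification or its authors. The `TokenStore` class, its method names and the 30-second window are assumptions made for illustration.

```python
import secrets
import threading
import time


class TokenStore:
    """Hypothetical in-memory AS token store; all names here are illustrative."""

    def __init__(self, grace=30.0, clock=time.monotonic):
        self.grace = grace          # assumed interim window, in seconds
        self.clock = clock
        self.lock = threading.Lock()
        self.active = set()         # token values currently valid
        self.rotated = {}           # old value -> (replacement, time of rotation)

    def issue(self):
        token = secrets.token_urlsafe(32)
        with self.lock:
            self.active.add(token)
        return token

    def _replacement(self, old):
        """Replacement for a rotated token, or None once the window has closed."""
        entry = self.rotated.get(old)
        if entry is None:
            return None
        new, rotated_at = entry
        # The old value is honoured only while its replacement is still valid.
        if new in self.active and self.clock() - rotated_at <= self.grace:
            return new
        return None

    def rotate(self, presented):
        """Rotate `presented`; a retry inside the window gets the same new token."""
        with self.lock:             # concurrent retries cannot both mint a token
            if presented in self.active:
                new = secrets.token_urlsafe(32)
                self.active.remove(presented)
                self.active.add(new)
                self.rotated[presented] = (new, self.clock())
                return new
            new = self._replacement(presented)
            if new is None:
                raise PermissionError("unknown or expired token")
            return new

    def accepts(self, presented):
        """True for a current token, or a rotated one still inside the window."""
        with self.lock:
            return presented in self.active or self._replacement(presented) is not None
```

The window bounds how long a superseded token stays usable, so its length is a trade-off between tolerating in-flight requests and limiting the lifetime of a token that may have leaked.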