You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the continuation was previously bound to an access token, the new continue response MUST include a bound access token as well, and this token SHOULD be a new access token.
This used to be a MUST, but is it safe to back off that requirement?
The text was updated successfully, but these errors were encountered:
See also issue #147 (should we rotate them). The question is linked (MUST, SHOULD, or not required) but slightly different, as it is asking whether we could have race conditions if we allow the rotation.
Token lifecycle is up to the AS. The client needs to be able to deal with a new continuation access token on every request if necessary, but there's not a compelling reason for the AS to always do this.
§5 Continuing a Grant Request: Editor's note:
This used to be a MUST, but is it safe to back off that requirement?
The text was updated successfully, but these errors were encountered: