Fetch URL must be unique for each session

AICC / CMI-5_Spec_Current

cmi5

http://adlnet.gov

Apache License 2.0

181 stars 91 forks source link

Fetch URL must be unique for each session #702

Closed thomasturrell closed 3 years ago

thomasturrell commented 3 years ago

From the spec:

8.1.2 fetch

The fetch URL is a "one-time use" URL and subsequent uses SHOULD generate an error as defined in section 8.2. The authorization token returned by the fetch URL MUST be limited to the duration of a specific user session.

thomasturrell commented 3 years ago

This is a change to the best practices section on the cmi5 website.