aaronpk / oauth-first-party-apps

https://datatracker.ietf.org/doc/html/draft-parecki-oauth-first-party-apps

auth_session in a successful token response #76

Closed yaronf closed 1 week ago

yaronf commented 3 months ago

Sec. 6.1 (in particular the example): what is the meaning of a response with an access token, a refresh token as well as an auth_session? What is the client expected to do? How should it use the auth_session?

PieterKas commented 2 months ago

The auth_session should be cached by the client in case it is needed for the step-up authentication flow as described in the Appendix (section A.7).