How long is the authorization code valid once generated. Is it possible to set an expiration on authorization code so as to have an OTP kind of behaviour?
If not, can we add this as a new feature?
(Response from @bobby-vandiver):
No, there currently isn't any expiration on an authorization code. It would be up to the application to remove expired authorization codes. I do agree that this would be useful for the plugin to provide out of the box, though.
(Migrated from https://github.com/bluesliverx/grails-spring-security-oauth2-provider/issues/122 reported by @himani-joshi)
Hi,
How long is the authorization code valid once generated. Is it possible to set an expiration on authorization code so as to have an OTP kind of behaviour?
If not, can we add this as a new feature?
(Response from @bobby-vandiver): No, there currently isn't any expiration on an authorization code. It would be up to the application to remove expired authorization codes. I do agree that this would be useful for the plugin to provide out of the box, though.