oauth-wg / oauth-v2-1

OAuth 2.1 is a consolidation of the core OAuth 2.0 specs
https://oauth.net/2.1/

Restrictions on authorization code content #56

Closed aaronpk closed 3 years ago

aaronpk commented 3 years ago

From Vittorio:

Should we say that the code should be opaque to the client, to discourage the use of structured code templates that can be partially manufactured?

aaronpk commented 3 years ago

I agree, but I am not sure the best way or place to say this.

tlodderstedt commented 3 years ago

I suggest to add this to the definition of the code parameter (similar to access token opaqueness).

dickhardt commented 3 years ago

+1
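
The opaqueness discussed in this issue, as an added example that is not part of the thread or of the OAuth 2.1 draft: an authorization server issues the code as a random handle and keeps the grant details server-side, so a client has nothing to parse and a hand-built code matches no record. The class name, field names and the 60-second lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 60  # assumed lifetime, chosen for this example


class AuthorizationCodeStore:
    """Issues opaque codes; all meaning lives server-side, keyed by a hash."""

    def __init__(self, clock=time.monotonic):
        self._grants = {}  # sha256(code) -> grant record
        self._clock = clock

    @staticmethod
    def _key(code):
        # Store only a hash so a leaked table does not yield usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, client_id, redirect_uri, subject, scope):
        # 256 bits from the CSPRNG: no structure to read, template or predict.
        code = secrets.token_urlsafe(32)
        self._grants[self._key(code)] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "subject": subject,
            "scope": scope,
            "expires_at": self._clock() + CODE_TTL_SECONDS,
        }
        return code

    def redeem(self, code, client_id, redirect_uri):
        # pop() makes the code single-use, even when a later check fails.
        grant = self._grants.pop(self._key(code), None)
        if grant is None:
            return None  # unknown, already redeemed, or manufactured
        if self._clock() > grant["expires_at"]:
            return None
        if grant["client_id"] != client_id:
            return None
        if grant["redirect_uri"] != redirect_uri:
            return None
        return {"subject": grant["subject"], "scope": grant["scope"]}
```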