On Thu, Jul 15, 2010 at 7:22 AM, Brian Campbell <bcampb...@pingidentity.com> wrote: > The Authorization Code value MUST be constructed from > a cryptographically strong random or pseudo-random number > sequence [RFC1750] generated by the Authorization Server. > The probability of any two Authorization Code values being > identical MUST be less than or equal to 2^(-128) and SHOULD > be less than or equal to 2^(-160).
Does that text preclude using stateless authorization code implementations? Authorization codes are issued frequently and change rapidly, so I am very interested in supporting stateless implementations. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
