Re: [OAUTH-WG] Reuse of "state" across different AS in draft-bradley-oauth-jwt-encoded-state-08

2018-05-19 Thread Daniel Fett
On 18.05.2018 at 18:20, John Bradley wrote:
> I am not against having "as" as REQUIRED.
>
> While we are at it should we recommend that rfp be single use?

If the state JWT is *not* signed and the client has no other means to check the integrity of the JWT (e.g., by storing a copy in the browser'

Re: [OAUTH-WG] Reuse of "state" across different AS in draft-bradley-oauth-jwt-encoded-state-08

2018-05-19 Thread John Bradley
Thanks

On Sat, May 19, 2018, 3:09 PM Daniel Fett wrote:
> On 18.05.2018 at 18:20, John Bradley wrote:
> > I am not against having "as" as REQUIRED.
> > While we are at it should we recommend that rfp be single use?
>
> If the state JWT is *not* signed and the client has no other means to
> chec

[OAUTH-WG] Token Revocation error codes

2018-05-19 Thread Sergey Ponomarev
Hi,

I am developing an implementation of a back channel token revocation endpoint. And I think we should reconsider and probably change the specification to improve error handling. Here we see several situations of error state:

1. token wasn't sent in request.
2. token is invalid by format i.e. not JW