lack of code replay protection and proprietary client authentication method?
In my testing, I wasn't able to use an authorization code twice. Did you see something different?
Sat, Jun 8, 2019 8:29pm -07:00
Have you written a
to this? Let me know the URL:
I assume Torsten meant code injection. When I integrated I couldn’t find any protection against this
Sun, Jun 9, 2019 6:00am +00:00
yes I meant code injection == code replay in the authz response
Sun, Jun 9, 2019 7:03am +00:00