Hi again, I have one additional comment to ace-oauth-17:
Section 5.8.1 recommends that RS stores only one token per key and that existing tokens are overwritten by new tokens. I wonder how the RS knows which token is the most recent. I don't think the expiration time helps in this case because it should be possible for the AS to provide a token that expires earlier than the previous token. Viele Grüße Steffi _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
