Hi Ludwig,

On 12/12/2018 11:05 AM, Ludwig Seitz wrote:
> On 12/12/2018 10:33, Stefanie Gerdes wrote:
>> Hi again,
>>
>> I have one additional comment to ace-oauth-17:
>>
>> Section 5.8.1 recommends that RS stores only one token per key and that
>> existing tokens are overwritten by new tokens. I wonder how the RS knows
>> which token is the most recent. I don't think the expiration time helps
>> in this case because it should be possible for the AS to
>> provide a token that expires earlier than the previous token.
>>
>>
>> Best regards
>> Steffi
>>
>
> "Recent" here is meant as "most recently received". That is something
> the RS definitely can track.

The token most recently received by RS is not necessarily the newest. A
client may (accidentally or not) send the older token later than the
newer token.

Best regards
Steffi
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
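
The ordering problem discussed in this thread, as an added example that is not part of the original messages or of the draft: an RS keeps one token per key and receives a newer token followed by a late-arriving older one, under three replacement policies. The `iat` (issued-at) comparison assumes the AS puts that claim in every token; the class, function and token names are hypothetical and the token values are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    cti: str      # token identifier
    key_id: str   # proof-of-possession key the token is bound to
    iat: int      # issued-at, set by the AS (assumed to be present)
    exp: int      # expiration time
    scope: str


# Replacement policies: given the stored token and an incoming one for the
# same key, return the token the RS keeps.
def by_receipt(current, incoming):
    return incoming                                   # "most recently received"

def by_latest_exp(current, incoming):
    return incoming if incoming.exp > current.exp else current

def by_latest_iat(current, incoming):
    return incoming if incoming.iat > current.iat else current


class ResourceServer:
    """Stores exactly one token per key, as the thread describes."""
    def __init__(self, policy):
        self.policy = policy
        self.tokens = {}

    def submit(self, token):
        current = self.tokens.get(token.key_id)
        kept = token if current is None else self.policy(current, token)
        self.tokens[token.key_id] = kept
        return kept


# Constructed tokens: the newer one has a narrower scope and expires earlier.
OLD = Token("t-old", "key-1", iat=1000, exp=5000, scope="read write")
NEW = Token("t-new", "key-1", iat=2000, exp=3000, scope="read")


def stored_after(policy, arrival_order):
    """Return the cti of the token the RS holds after all submissions."""
    rs = ResourceServer(policy)
    for tok in arrival_order:
        rs.submit(tok)
    return rs.tokens["key-1"].cti


if __name__ == "__main__":
    for policy in (by_receipt, by_latest_exp, by_latest_iat):
        print(policy.__name__, stored_after(policy, [NEW, OLD]))
```
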
