On Sun, May 30, 2010 at 9:47 AM, Dick Hardt <[email protected]> wrote: > I think so. In WRAP the verification code was RECOMMENDED one time use.
Yep. Servers must enforce time-limits on verification codes. Servers may make verification codes single use tokens. Clients must not attempt to redeem a verification code more than once. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
