On Thu, Jul 15, 2010 at 7:22 AM, Brian Campbell <[email protected]> wrote:
> The Authorization Code value MUST be constructed from
> a cryptographically strong random or pseudo-random number
> sequence [RFC1750] generated by the Authorization Server.
> The probability of any two Authorization Code values being
> identical MUST be less than or equal to 2^(-128) and SHOULD
> be less than or equal to 2^(-160).

Does that text preclude using stateless authorization code implementations? Authorization codes are issued frequently and change rapidly, so I am very interested in supporting stateless implementations.

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
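
An added illustration, not part of the thread or the draft: one shape a stateless authorization code could take, with the claims and a 128-bit CSPRNG nonce authenticated by HMAC-SHA256 so the server can validate it without a lookup. The key, claim names and function names are assumptions made for this example, and it does not enforce single use, which requires server-side state.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo key; a real server would load a long-lived secret instead.
SERVER_KEY = secrets.token_bytes(32)
TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_code(client_id, user, ttl=60, now=None):
    """Return a self-contained code: claims + 128-bit random nonce + MAC."""
    now = time.time() if now is None else now
    claims = {
        "cid": client_id,
        "sub": user,
        "exp": int(now) + ttl,
        # 16 bytes from the OS CSPRNG: two codes with identical claims are
        # identical only if the nonces collide (probability 2^-128 per pair).
        "n": _b64e(secrets.token_bytes(16)),
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return _b64e(body + tag)

def redeem_code(code, client_id, now=None):
    """Validate without a database lookup; return the claims or None."""
    now = time.time() if now is None else now
    try:
        raw = _b64d(code)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= TAG_LEN:
        return None
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(body)
    if claims["cid"] != client_id or now >= claims["exp"]:
        return None
    return claims
```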
