Hi, In Authorization code flow, after resource owner authentication and approval, the application is provided with an authorization code in response by authorization server. The authorization code is basically the resource owner authorization to the application for resource owner data access. That means authorization code is bound to the application.
Is it possible that for two resource owner authentication, same authorization code is returned in response? e.g. Resource owner 1 : Authenticate successfully -> Approval -> authorization code = 123 issued Resource owner 2 : Authenticate successfully -> Approval -> authorization code = 123 issued Regards, Bilal Ashraf
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
