Correct typo in reply/replay

Michiel Kalkman 2016-10-31 11:15:55 +01:00
parent 15d15dcfa6
commit 5585834299


@ -41,7 +41,7 @@ heavy use of browser redirects to obtain an _identity_ and _access_ token. Here
as a query parameter in the callback URL.
. The application extracts the temporary code and makes a background out of band REST invocation to {{book.project.name}}
to exchange the code for an _identity_, _access_ and _refresh_ token. Once this temporary code has been used once
to obtain the tokens, it can never be used again. This prevents potential reply attacks.
to obtain the tokens, it can never be used again. This prevents potential replay attacks.
It is important to note that _access_ tokens are usually short lived and often expired after only minutes. The additional _refresh_
token that was transmitted by the login protocol allows the application to obtain a new access token after it expires. This
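
Review bot: Two wording slips remain in the unchanged lines around the fix and would fit in this same typo commit. In the context line right after the corrected sentence, "often expired after only minutes" should read "often expire after only minutes". In the sentence leading into the fix, "Once this temporary code has been used once" repeats "once", so "Once this temporary code has been used" reads cleaner. The reply-to-replay correction itself is right, since the sentence is about a single-use code not being accepted a second time.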