libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #44 from michiel/feature/typo-replay

Browse source 
Correct typo in reply/replay
This commit is contained in:
Stian Thorgersen 2016-10-31 11:39:00 +01:00 committed by GitHub
commit 5834fa9fb2
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
topics/sso-protocols/oidc.adoc
View file

@ -41,7 +41,7 @@ heavy use of browser redirects to obtain an _identity_ and _access_ token. Here
as a query parameter in the callback URL. as a query parameter in the callback URL.
. The application extracts the temporary code and makes a background out of band REST invocation to {{book.project.name}} . The application extracts the temporary code and makes a background out of band REST invocation to {{book.project.name}}
to exchange the code for an _identity_, _access_ and _refresh_ token. Once this temporary code has been used once to exchange the code for an _identity_, _access_ and _refresh_ token. Once this temporary code has been used once
to obtain the tokens, it can never be used again. This prevents potential reply attacks. to obtain the tokens, it can never be used again. This prevents potential replay attacks.
It is important to note that _access_ tokens are usually short lived and often expired after only minutes. The additional _refresh_ It is important to note that _access_ tokens are usually short lived and often expired after only minutes. The additional _refresh_
token that was transmitted by the login protocol allows the application to obtain a new access token after it expires. This token that was transmitted by the login protocol allows the application to obtain a new access token after it expires. This