author Lars Wirzenius <liw@liw.fi> 2018-08-06 15:27:20 +0300
committer Lars Wirzenius <liw@liw.fi> 2018-08-06 15:27:20 +0300
commit 09feb01bd97c4b3e372750c0f894cd65ee42d86a (patch)
tree a129b1d0997e973de107b71487d8e99cb44ace58 /yarns
parent 5416c57cd286ab614129a398fe4d2da681ecc8f4 (diff)
Fix: authorization code can only be used once
Diffstat (limited to 'yarns')
-rw-r--r-- yarns/300-end-user-auth.yarn 7
1 files changed, 7 insertions, 0 deletions
diff --git a/yarns/300-end-user-auth.yarn b/yarns/300-end-user-auth.yarn
index e69ccad..da79b03 100644
--- a/yarns/300-end-user-auth.yarn
+++ b/yarns/300-end-user-auth.yarn
@@ -181,4 +181,11 @@ this. Needs research and thinking.
AND access token has a scope field set to read
AND access token has a sub field set to tomjon
+The authorization code can't be re-used.
+
+ WHEN facade requests POST /token, with
+ ... form values grant_type=authorization_code and code=${CODE}
+ ... using Basic Auth with username facade, password happydays
+ THEN HTTP status code is 400 Bad request
+
FINALLY Qvisqve is stopped
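Review bot: The added THEN step asserts only the 400 status, so any client error on the second POST /token (a malformed form, for instance) would satisfy it, not just re-use of the code. RFC 6749 section 5.2 defines error=invalid_grant in the JSON body for an invalid or already used grant; asserting on that field would tie the scenario to the behaviour the commit message names. Section 4.1.2 of the same RFC also says the server SHOULD revoke tokens previously issued from a code that is presented twice. The scenario does not check whether the access token verified just above the new lines is still accepted after the replay, so either add a step for that or state in the prose that revocation is deliberately out of scope. A sentence before the WHEN noting that ${CODE} is the code already exchanged earlier in this scenario would make the intent clear to a reader who lands on this step alone.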