[keycloak-dev] Why access code is in memory

Bill Burke bburke at redhat.com
Thu Feb 20 15:34:38 EST 2014

I remember one of the reasons access code is in memory.  When a code is 
turned into a token, the code is removed.  Thus, the code can only be 
used once and only once to obtain an access token.  This can be 
mitigated of course by timeouts on the access code.

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-dev mailing list