diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
index 49ead129..ee529828 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
@@ -239,14 +239,6 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implemen
 .build();
 this.authorizationService.save(authorization);
 
-// TODO security checks for code parameter
-// The authorization code MUST expire shortly after it is issued to mitigate the risk of leaks.
-// A maximum authorization code lifetime of 10 minutes is RECOMMENDED.
-// The client MUST NOT use the authorization code more than once.
-// If an authorization code is used more than once, the authorization server MUST deny the request
-// and SHOULD revoke (when possible) all tokens previously issued based on that authorization code.
-// The authorization code is bound to the client identifier and redirection URI.
-
 String redirectUri = authorizationRequest.getRedirectUri();
 if (!StringUtils.hasText(redirectUri)) {
 redirectUri = registeredClient.getRedirectUris().iterator().next();
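Review bot: The removed TODO was a checklist of RFC 6749 requirements on the issued authorization code (short lifetime, single use with revocation of derived tokens on reuse, binding to client_id and redirect_uri), and nothing in the hunk shows where those checks are now enforced, so a reader of this code path after `this.authorizationService.save(authorization)` can no longer tell whether they exist. If they are implemented where the code is exchanged at the token endpoint, a one-line pointer in place of the deleted block would preserve that knowledge, e.g. `// Code expiry, single-use (with revocation on reuse) and client_id/redirect_uri binding are verified when the code is exchanged at the token endpoint.`; if they are not, the TODO should stay until they are. Separately, the unchanged fallback `registeredClient.getRedirectUris().iterator().next()` silently picks an arbitrary registered URI when the request omits redirect_uri; RFC 6749 §3.1.2.3 requires the redirect_uri parameter when multiple URIs are registered, so it is worth confirming the surrounding validation rejects that case before reaching here. The enclosing method begins and ends outside this hunk.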