Issue #35 resolved

Session - 3.2 Session Management Endpoints: GET or POST?

OpenID Foundation
repo owner created an issue

The text says:

{{{ Authorization servers MUST support the use of the HTTP "GET" method as define in RFC 2616 }}}

(besides the typo: s/define/defined/) Do we really want it to support "GET"? Would it not leak the session? Should it not be POST?

Comments (4)

  1. Log in to comment