openid / connect / issues / #550 - Basic - 2.4 How to access the user info endpoint?

Issue #550 resolved

Torsten Lodderstedt created an issue 2012-02-20

Given the same origin policy, how is a JavaScript client supposed to access this endpoint? JSONP, CORS? Would it make sense to give advice to implementors?

Comments (4)

John Bradley
The client passes the server the access token in most cases.

How to build a JS client is more of a general OAuth issue.

However you make a good point for Standard, we should probably recommend CORS for user_info and check_id endpoints.

John
- 2012-02-20T20:25:43+00:00
Michael Jones
- assigned issue to
  
  John Bradley
The working group consensus is that Cross-Origin Resource Sharing (CORS) would be the right solution for JavaScript clients and that text to that effect should be added to Standard.
- 2012-02-20T23:47:27+00:00
Nat Sakimura
- changed title to Basic - 2.4 How to access the user info endpoint?
- 2012-02-20T23:51:18+00:00
John Bradley
- changed status to resolved
Fixes ~~#550~~ Added reference to CORS for JS clients to user_info and check_id endpoints in Standard. The behaviour of the endpoints is not part of the basic client profile. This profile is not intended to describe a JS Canvas application that is accessing these endpoints directly. Other profiles will, and Standard has been updated to reflect that.

→ 84b5127e845a
- 2012-02-23T22:39:20+00:00
Log in to comment

Assignee: John Bradley

Type: enhancement

Priority: major

Status: resolved

Component: Basic

Milestone: –

Version: –

Votes: 0

Watchers: 0