Basic - Tony Nadalin's review comments

Issue #724 resolved
Michael Jones created an issue

From: openid-specs-ab-bounces@lists.openid.net [mailto:openid-specs-ab-bounces@lists.openid.net] On Behalf Of Anthony Nadalin
Sent: Thursday, January 24, 2013 2:46 PM
To: openid-specs-ab@lists.openid.net
Subject: [Openid-specs-ab] openid-connect-basic-1_0-23 review

Section 2.2.2

1. mixes Client and User-Agent, should be consistent and use both or just 1
2. “this may happen over HTTPS” seems to go against core where it MUST

Section 2.2.3

1. Should state that TLS needs to be used and point the reader to section 2.3 in RFC6749

Section 2.3

1. Is “aud” a URI? Same for “azp”?

Section 2.4.2

1. If the user info endpoint does not have a value for middle_name (or any other member) will it return a “middle_name” :null or just not return “middle_name”?

Comments (3)

  1. Michael Jones reporter

    About 2.3.1, you asked "Is “aud” and URI ? same for “azp”?" The spec says that they are OAuth client_id values. OAuth is silent on whether client_ids are URIs or not.

    To your question about middle name, 2.4.2. (UserInfo Response) says "If a Claim is not returned, that Claim Name SHOULD be omitted from the JSON object representing the Claims; it SHOULD NOT be present with a null or empty string value."
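The UserInfo rule quoted in the comment above, sketched as an added example that is not part of the original thread or of the specification: an OP-side filter that omits valueless claims and an RP-side check that flags a response carrying them. The function names, the sample record and the handling of an emptied nested object are assumptions made for illustration.

```python
import json

# Constructed sample: claim values as an OP might load them from a user record.
SAMPLE_RECORD = {
    "sub": "248289761001",
    "name": "Jane Doe",
    "middle_name": None,          # no value stored
    "nickname": "",               # empty string stored
    "email_verified": False,      # a real value: must survive the filter
    "address": {"country": "US", "region": None},
}


def prune_claims(claims):
    """OP side: drop members whose value is null or "", recursing into objects."""
    pruned = {}
    for name, value in claims.items():
        if isinstance(value, dict):
            value = prune_claims(value)
            if not value:          # assumption: an object left empty is omitted too
                continue
        elif value is None or value == "":
            continue               # explicit test, so False and 0 are kept
        pruned[name] = value
    return pruned


def null_claim_paths(response, prefix=""):
    """RP side: dotted paths of members present with a null or "" value."""
    paths = []
    for name, value in response.items():
        path = prefix + name
        if isinstance(value, dict):
            paths.extend(null_claim_paths(value, path + "."))
        elif value is None or value == "":
            paths.append(path)
    return paths


if __name__ == "__main__":
    print(json.dumps(prune_claims(SAMPLE_RECORD), indent=2))
    print(null_claim_paths(SAMPLE_RECORD))
```

A truthiness test such as `if not value` would also drop `"email_verified": false`, which a Relying Party could then read as the claim being unavailable rather than as an unverified address.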
