openid / connect / issues / #76 - Basic - 3.3.1 POST optional for both client and server — Bitbucket

Issue #76 resolved

Former user created an issue 2011-09-09

POST is optional for both the client and the server. This is unreliable - how does a client determine if the server supports POST or not? Trial and error is not a good choice.

Comments (3)

hideki nara
- assigned issue to
  
  Edmund Jay
- 2011-09-11T23:14:22+00:00

Nat Sakimura

Currently is:

The paramaters may be passed as query paramaters in a GET or as form encoded in a POST.

Authorization servers MUST support the use of the HTTP "GET" method as defined in RFC 2616 [RFC2616] and MAY support the "POST" method for the check session endpoint.

Change to:

The paramaters **MAY** be passed as query paramaters in a GET or as form encoded in a POST.

2011-09-14T23:37:54+00:00

Edmund Jay
- changed status to resolved
fixes ~~#76~~

→ e6d50893b738
- 2011-09-17T01:44:00+00:00
Log in to comment

Assignee: Edmund Jay

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!