Messages 5.1.3 - Messages says MUST understand whereas OAuth 2.0 says MUST ignore for unrecognized request parameters
Issue #790
resolved
The first parameter validation step at http://openid.bitbucket.org/openid-connect-messages-1_0.html#req.obj.veri currently is: “The Authorization Server MUST understand all the parameters except for any unsupported Claims. If there are any parameters that it does not understand except for any unsupported Claims, it MUST return an error response.”
This contradicts OAuth 2.0, Section 3.1, which says “The authorization server MUST ignore unrecognized request parameters.”
I think we should just drop the sentence above from Messages.
Comments (3)
reporter - changed status to resolved
Fixed
#790 - Removed "MUST understand" text about request parameters, since OAuth requires that unrecognized parameters MUST be ignored. → <<cset 0b7df012d926>>
We should change it to match OAuth and make it easier for extensions.