- changed status to resolved
New Core: 2-Authentication Table bugs
Thanks for incorporating the table idea.
IMHO, the Property column needs rework.
I think it should state the purpose / target / goal from the point of view of the implementers: i.e., to be a guidance. Current column is just describing some protocol properties, which seems to have been picked somewhat arbitrarily. Purpose based column such as http://nat.sakimura.org/2013/10/30/guidance-on-which-grant-flow-to-use-for-openid-connect/ seems to give a better guidance.
Even if the table was to express only the properties and not the guidance, the value of the rows are a bit buggy.
For example,
"Client is authenticated" should be "Client can be authenticated". Authorization Code Flow does not necessarily mean that the client is confidential.
In the "JavaScript-only Client possible" row, "Code" has "no" as the value, but it is not the case. Obviously, it may not be a good choice but you still can build it in Javascript (whether on the serverside or in the browser). The same applies for "Hybrid" as well.
Comments (3)
-
-
reporter - changed status to open
You fixed as:
+ <c>All tokens returned from Authorization Endpoint</c> <c>no</c> <c>yes</c> <c>some</c>
In this row title, "some" does not make sense. Either revert back by removing "All" or change "some" to "no".
-
- changed status to resolved
Fixed
#897- New Core - 2. Authentication - Add new text Fixed#893- New Core - 2. Authentication Table bugs→ <<cset dceaf1cdfda1>>
- Log in to comment
Fixed in https://bitbucket.org/openid/connect/commits/fe89d24379bde5ccc02764394e1f633a100178fe