Setup phase: Allow other grant_type other than code

Issue #1315 new
Edmund Jay created an issue

Comments from Torsten in pull request #39

https://bitbucket.org/openid/connect/pull-requests/39/merging-cp-into-ca#comment-238240377

I don’t see a benefit of limiting the grant type to code. Why not use CIBA or device as well? I basically think an endpoint's design should never depend on the type of OAuth/OIDC flow used to obtain (access) tokens.

The current text goes:

Successful and Error Authentication Response are in the same manner as [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) with the `code` parameter always being returned with the Authorization Code Flow. ** DISCUSS **

Comments (1)

  1. Nat Sakimura

    On the 2021-08-24 call, it was pointed out that if we were to expand it, specifics need to be defined as well, such as a constrained set of parameters etc. for interoperability and associated security considerations.

    Since it is in the setup phase, it happens only once (sort of) per IA. Is there a concrete need for other flows?
