Standard 4.3.4.1
Issue #168
resolved
If the response_type parameter in the Authorization Request includes the string value "token" or "id_token", all response parameters SHOULD be added to the fragment component of the redirection URI. Otherwise, the response parameters are added to the query component of the redirection URI.
Change SHOULD to MUST, this is not optional for interoperability.
Comments (4)
-
reporter -
reporter - changed status to resolved
Fixed
-
- changed status to new
As I reported on
#166, " response_type=code" is the only Code Flow pattern, isn't it? -
- changed status to resolved
As John describe on
#166, "response_type=code" is the only "Code Flow" pattern and response encoded in URL query part. - Log in to comment
Fix 4.3.4.1 Re ticket 168 change SHOULD to MUST.
→ a5dfd7e8474a