- changed status to open
Standard - 5.1.2.1 Inconsistency with Messages
Issue #31
resolved
Section 5.1.2.1:
The assertion is a JSON structure which MUST contain the following values:
id_token The ID Token associated with the authentication session.
This does not match the Messages document, that states that this parameter is REQUIRED only if the response_type id_token was present in the request.
Comments (3)
-
-
Fixed the specs so that:
response_type=code => token endpoint always returns id_token.
response_type=token => only access_token is returned from authz endpoint in the fragment
response_type includes id_token => id_token is returned from authz endpoint in the fragment
code is always returned in query string.
-
- changed status to resolved
fixes
#31Standard - 5.1.2.1 Inconsistency with Messages - Log in to comment
I think that Standard and Basic should refer to Message anyway.