Standard - 2.3.5.1: "using the "application/x-www-form-urlencoded" format" -> in query string serialization?

Issue #428 invalid
hideki nara created an issue

http://openid.net/specs/openid-connect-standard-1_0-07.html#art_res_ok

Or is "POST or GET can be used" implied by the current wording with application/x-www-form-urlencoded?

I think that explicitly describing the HTTP method, as in Authorization Request (2.3.1), would look better.

Comments (7)

  1. hideki nara reporter

    Oh, I misunderstood. The current description is about the "response_uri" parameter, not about the Authorization Response.

  2. John Bradley

    The Authorization response is implicitly a 302 redirect containing the redirect_uri.

    The section is consistent with OAuth 2.0.

    I am changing the MUST be added to the fragment to a SHOULD. We want to leave open a post message profile. This is consistent with our registered return types. Post message is JS so may pass the parameters in a JSON object.

  3. hideki nara reporter

    FYI, OAuth 2.0 v.22 says:

    4.1.1. Authorization Request

    ....

    When a decision is established, the authorization server directs the user-agent to the provided client redirection URI using an HTTP redirection response, or by other means available to it via the user-agent.
