-
assigned issue to
Standard - 2.3.5.1:"using the "application/x-www-form-urlencoded" format" -> in query string seriarization ?
http://openid.net/specs/openid-connect-standard-1_0-07.html#art_res_ok
Or, "POST or GET can be used" is implied in current expression with application/x-www-form-urlencoded?
I think that describing explicitly about HTTP method like Authorization Request (2.3.1) looks better.
Comments (7)
-
-
Also look at 7.1 about query string serialization.
-
reporter Ou, I misunderstood. Current description is about "response_uri" parameter, not about Authorization Response.
-
The Authorization response is implicitly a 302 redirect containing the redirect_uri.
The section is consistent with OAuth 2.0.
I am changing the MUST be added to the fragment to a SHOULD. We want to leave open a post message profile. This is consistent with our registered return types. Post message is JS so may pass the parameters in a JSON object.
-
re
#428Change MUST add paramaters to fragment to a SHOULD to be consistent with response type registration. -
- changed status to invalid
-
reporter FYI, OAuth 2.0 v.22 says:
....
When a decision is established, the authorization server directs the user-agent to the provided client redirection URI using an HTTP redirection response, or by other means available to it via the user- agent.
- Log in to comment
It's not urlencoded if it's a GET.