-
assigned issue to
Breno de Medeiros
- changed status to open
Basic 2.2.1, Messages 2.1.2 - Embedded display limitations not clear (editorial)
Issue #514
resolved
The specs currently say about the embedded display value: "The Authorization Server SHOULD display authentication and consent UI consistent with the limitations of an embedded user-agent."
Yaron Goland points out that the spec doesn't say what these limitations are. It should probably give some description of what they are, so that this display value is cosistently actionable by implementers.
Comments (3)
-
reporter
-
reporter
-
assigned issue to
Michael Jones
Breno and Chuck pointed out that the main issue with embedded clients is the lack of navigation features, especially the lack of a Back button.
Given that this is underspecified, the consensus was to drop this parameter value.
Chuck also points out that this may be orthogonal to the other display characteristics.
-
assigned issue to
-
reporter
- changed status to resolved
Fixed
#514Basic 2.2.1, Messages 2.1.2 - Embedded display limitations not clear - Log in to comment
We need to document the intended effect on IdP behaviors to make this actionable. These are likely best practices.
Limitations may include: small screen, limited color spectrum, no JavaScript support, limitations on total size of page.
We should consult Breno and the Facbook folks for details since this was their invention.