openid / connect / issues / #68 - Basic 3.2.3 - user's authorization decision cannot be forced — Bitbucket

Issue #68 resolved

Former user created an issue 2011-09-09

Section 3.2.3 states that "Authorization Server MUST obtain an authorization decision". This cannot be enforced since users cannot be forced to take action, i.e all implementations will be non-compliant when a user does not respond to the authorization question (and closes their browser, for example).

Comments (3)

hideki nara
- assigned issue to
  
  Edmund Jay
- changed status to open
- 2011-09-11T23:20:44+00:00
Nat Sakimura
In Basic, this section is just informative and not something to be implemented by the client. Thus, remove the normative language like 'MUST'.

In Messages, describe it as follows
```
Case no-previous login/consent => MUST attempt to show Login/Consent screen. 
Case prompt=login / consent => ditto
Case display=none => Do not show the Login/Conset screen. 
```
- 2011-09-14T22:58:10+00:00
Edmund Jay
- changed status to resolved
fixes ~~#68~~

→ 3cb88ce74215
- 2011-09-20T02:21:21+00:00
Log in to comment

Assignee: Edmund Jay

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!