openid / connect / issues / #714 - Review text specifying response_type behaviors for clarity — Bitbucket

Issue #714 resolved

Michael Jones created an issue 2013-01-28

See the thread started by Brian Campbell on "Messages -15 RC: what to do malformed or ambiguous requests?". We probably need to be more explicit about what the intended behaviors are when some response_type values are used, including "code" and "token".

This probably affects Messages, Standard, Basic, and Implicit.

Comments (3)

Michael Jones reporter
- changed milestone to Implementor's Draft
- changed component to Messages
- assigned issue to
  
  Michael Jones
We need to be clearer what the meaning of the "openid token" response_type is. One option is that this gives you an access_token to the UserInfo endpoint but no ID Token. This would give up all identity properties of the protocol.

The other option is that we prohibit "token" without "id_token" when the "openid" scope is present. That's what we decided to do.
- 2013-01-28T23:43:57+00:00
Nat Sakimura
- changed milestone to Implementer's Draft
- 2013-01-28T23:49:20+00:00
Michael Jones reporter
- changed status to resolved
Fixed ~~#714~~ - Clarified text specifying response_type behaviors

→ <<cset 5c15c0d6d7c9>>
- 2013-02-01T03:41:48+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: major

Status: resolved

Component: Messages

Milestone: Implementer's Draft

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!