- changed milestone to Implementor's Draft
- changed component to Messages
-
assigned issue to
Review text specifying response_type behaviors for clarity
Issue #714
resolved
See the thread started by Brian Campbell on "Messages -15 RC: what to do malformed or ambiguous requests?". We probably need to be more explicit about what the intended behaviors are when some response_type values are used, including "code" and "token".
This probably affects Messages, Standard, Basic, and Implicit.
Comments (3)
-
reporter -
- changed milestone to Implementer's Draft
-
reporter - changed status to resolved
Fixed
#714- Clarified text specifying response_type behaviors→ <<cset 5c15c0d6d7c9>>
- Log in to comment
We need to be clearer what the meaning of the "openid token" response_type is. One option is that this gives you an access_token to the UserInfo endpoint but no ID Token. This would give up all identity properties of the protocol.
The other option is that we prohibit "token" without "id_token" when the "openid" scope is present. That's what we decided to do.